{"vulnerability": "cve-2024-3994", "sightings": [{"uuid": "19c9f2b6-25ce-4020-a225-fba16a2f30b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/4988", "content": "\u200aCVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes Systems to RCE\n\nhttps://securityonline.info/cve-2024-39943-cvss-9-9-critical-vulnerability-in-http-file-server-exposes-systems-to-rce/", "creation_timestamp": "2024-07-06T09:56:17.000000Z"}, {"uuid": "66e3e446-c8a8-4c41-a2f9-5e1aaf3666de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7871", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-4040 PoC\nURL\uff1ahttps://github.com/truonghuuphuc/CVE-2024-39943-Poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-05T07:12:36.000000Z"}, {"uuid": "27a10994-7901-4a8c-bdc9-18ef25a3fbe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39946", "type": "seen", "source": "https://t.me/cvedetector/2100", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39946 - \"Dahua Authentication Bypass CSRF\"\", \n  \"Content\": \"CVE ID : CVE-2024-39946 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization. \nSeverity: 6.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:48:05.000000Z"}, {"uuid": "87847b6c-b5f6-43aa-a20b-49c2d903d689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20903", "content": "https://github.com/truonghuuphuc/CVE-2024-39943-Poc\n\nOn Linux, UNIX and macOS, CVE-2024-39943 is reset to HFS (also known as HTTP file server) before 0.52.10.\n\n#github #exploit #poc", "creation_timestamp": "2024-12-02T17:57:34.000000Z"}, {"uuid": "eefaf966-b5cc-4e83-9d8b-fa0c892125a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39944", "type": "seen", "source": "https://t.me/cvedetector/2102", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39944 - Dahua TCP Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-39944 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.Attackers  \ncan send carefully crafted data packets to the interface with vulnerabilities,  \ncausing the device to crash. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:48:07.000000Z"}, {"uuid": "11aaf313-8263-4735-87d4-f3d38f8bef54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39945", "type": "seen", "source": "https://t.me/cvedetector/2101", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39945 - Dahua Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-39945 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.\u00a0\u00a0After  \nobtaining the administrator's username and password, the attacker can send a  \ncarefully crafted data packet to the interface with vulnerabilities, causing  \nthe device to crash. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:48:06.000000Z"}, {"uuid": "1049bd78-288b-4be0-9ff4-972ee4d8b112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39947", "type": "seen", "source": "https://t.me/cvedetector/2099", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39947 - \"Dahua Device Crash Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-39947 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:48:04.000000Z"}, {"uuid": "6b38b73a-59f9-40dd-a010-ae5c7a412464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39948", "type": "seen", "source": "https://t.me/cvedetector/2098", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39948 - \"Dahua Denial of Service/Controller Crash\"\", \n  \"Content\": \"CVE ID : CVE-2024-39948 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:48:00.000000Z"}, {"uuid": "72168244-38fe-4e81-a943-f0e6fca36cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39949", "type": "seen", "source": "https://t.me/cvedetector/2096", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39949 - Dahua Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-39949 \nPublished : July 31, 2024, 4:15 a.m. | 25\u00a0minutes ago \nDescription : A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-31T06:47:58.000000Z"}, {"uuid": "f08eacec-f42d-4f8c-b163-a7b9f97f312d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "seen", "source": "https://t.me/cvedetector/74", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39943 - rejetto HFS (aka HTTP File Server) 3 before 0.52.1\", \n  \"Content\": \"CVE ID : CVE-2024-39943 \nPublished : July 4, 2024, 11:15 p.m. | 17\u00a0minutes ago \nDescription : rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js). \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-05T01:37:40.000000Z"}, {"uuid": "1ce274ba-3b27-4d6b-8e0a-d16da5a69a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1605", "content": "\ud83d\udea8PoC RELEASED\ud83d\udea8\"CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).\"\n\nhttps://x.com/DarkWebInformer/status/1809222291945095352\n\nhttps://github.com/truonghuuphuc/CVE-2024-39943-Poc", "creation_timestamp": "2024-07-05T22:38:10.000000Z"}]}