Commits 10/22/2021

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Charts: Entry, Field, Commit Conf, Approve Conf]

| ID | User | Entry | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11760863 | VulD... | 184605 | cve_nvd_summary | firefly-iii is vulnerable to URL Redirection to Untrusted Site | mitre.org | 10/23/2021 | accepted | 70 |
| 11760862 | VulD... | 184605 | identifier | 8662dfa4c0f71efef61c31dc015c6f723db8318d | | 10/23/2021 | accepted | 70 |
| 11760861 | VulD... | 184605 | confirm_url | https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592 | huntr.dev | 10/23/2021 | accepted | 70 |
| 11760860 | VulD... | 184604 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760859 | VulD... | 184604 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760858 | VulD... | 184603 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760857 | VulD... | 184603 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760856 | VulD... | 184602 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760855 | VulD... | 184602 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760854 | VulD... | 184601 | cve_nvd_summary | firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | mitre.org | 10/22/2021 | accepted | 70 |
| 11760853 | VulD... | 184601 | identifier | a85b6420c19ace35134f896e094e1971d8c7954b | | 10/22/2021 | accepted | 70 |
| 11760852 | VulD... | 184601 | confirm_url | https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18 | huntr.dev | 10/22/2021 | accepted | 70 |
| 11760851 | VulD... | 184600 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760850 | VulD... | 184600 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760849 | VulD... | 184599 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760848 | VulD... | 184599 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | mitre.org | 10/22/2021 | accepted | 70 |
| 11760847 | VulD... | 184598 | cve_nvd_summary | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. | mitre.org | 10/22/2021 | accepted | 70 |
| 11768495 | VulD... | 185270 | price_trend | + | see exploit price documentation | 10/22/2021 | accepted | 90 |
| 11768494 | VulD... | 185270 | price_0day | $5k-$25k | see exploit price documentation | 10/22/2021 | accepted | 90 |
| 11768493 | VulD... | 185270 | cvss3_meta_tempscore | 6.2 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768492 | VulD... | 185270 | cvss3_meta_basescore | 6.5 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768491 | VulD... | 185270 | cvss3_vuldb_tempscore | 6.2 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768490 | VulD... | 185270 | cvss3_vuldb_basescore | 6.5 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768489 | VulD... | 185270 | cvss2_vuldb_tempscore | 5.9 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768488 | VulD... | 185270 | cvss2_vuldb_basescore | 6.8 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768487 | VulD... | 185270 | cvss3_vuldb_e | X | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768486 | VulD... | 185270 | cvss2_vuldb_e | ND | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768485 | VulD... | 185270 | cvss2_vuldb_au | S | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768484 | VulD... | 185270 | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768483 | VulD... | 185270 | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768482 | VulD... | 185270 | cvss2_vuldb_ai | C | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768481 | VulD... | 185270 | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768480 | VulD... | 185270 | cvss2_vuldb_ci | N | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768479 | VulD... | 185270 | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768478 | VulD... | 185270 | cvss2_vuldb_av | N | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768477 | VulD... | 185270 | type | Smartphone Operating System | | 10/22/2021 | accepted | 90 |
| 11768476 | VulD... | 185270 | date | 1634853600 (10/22/2021) | | 10/22/2021 | accepted | 90 |
| 11768475 | VulD... | 185270 | cve_assigned | 1604617200 | mitre.org | 10/22/2021 | accepted | 90 |
| 11768474 | VulD... | 185270 | cve | CVE-2021-0706 | mitre.org | 10/22/2021 | accepted | 90 |
| 11768473 | VulD... | 185270 | name | Patch | | 10/22/2021 | accepted | 90 |
| 11768472 | VulD... | 185270 | url | https://source.android.com/security/bulletin/2021-10-01 | source.android.com | 10/22/2021 | accepted | 90 |
| 11768471 | VulD... | 185270 | identifier | A-193444889 | | 10/22/2021 | accepted | 90 |
| 11768470 | VulD... | 185270 | cvss3_vuldb_rc | C | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768469 | VulD... | 185270 | cvss3_vuldb_rl | O | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768468 | VulD... | 185270 | cvss3_vuldb_a | H | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768467 | VulD... | 185270 | cvss3_vuldb_i | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768466 | VulD... | 185270 | cvss3_vuldb_c | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768465 | VulD... | 185270 | cvss3_vuldb_s | U | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768464 | VulD... | 185270 | cvss3_vuldb_ui | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768463 | VulD... | 185270 | cvss3_vuldb_pr | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768462 | VulD... | 185270 | cvss3_vuldb_ac | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768461 | VulD... | 185270 | cvss3_vuldb_av | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768460 | VulD... | 185270 | risk | 1 | see risk documentation | 10/22/2021 | accepted | 90 |
| 11768459 | VulD... | 185270 | cwe | 404 (denial of service) | | 10/22/2021 | accepted | 90 |
| 11768458 | VulD... | 185270 | function | startListening | | 10/22/2021 | accepted | 90 |
| 11768457 | VulD... | 185270 | file | PluginManagerImpl.java | | 10/22/2021 | accepted | 90 |
| 11768456 | VulD... | 185270 | version | 8.1/9.0/10.0/11.0 | see version documentation | 10/22/2021 | accepted | 90 |
| 11768455 | VulD... | 185270 | name | Android | | 10/22/2021 | accepted | 90 |
| 11768454 | VulD... | 185270 | vendor | Google | | 10/22/2021 | accepted | 90 |
| 11768453 | VulD... | 185269 | price_trend | + | see exploit price documentation | 10/22/2021 | accepted | 90 |
| 11768452 | VulD... | 185269 | price_0day | $25k-$100k | see exploit price documentation | 10/22/2021 | accepted | 90 |
| 11768451 | VulD... | 185269 | cvss3_meta_tempscore | 6.0 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768450 | VulD... | 185269 | cvss3_meta_basescore | 6.3 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768449 | VulD... | 185269 | cvss3_vuldb_tempscore | 6.0 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768448 | VulD... | 185269 | cvss3_vuldb_basescore | 6.3 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768447 | VulD... | 185269 | cvss2_vuldb_tempscore | 5.7 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768446 | VulD... | 185269 | cvss2_vuldb_basescore | 6.5 | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768445 | VulD... | 185269 | cvss3_vuldb_e | X | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768444 | VulD... | 185269 | cvss2_vuldb_e | ND | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768443 | VulD... | 185269 | cvss2_vuldb_au | S | derived from historical data | 10/22/2021 | accepted | 80 |
| 11768442 | VulD... | 185269 | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768441 | VulD... | 185269 | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768440 | VulD... | 185269 | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768439 | VulD... | 185269 | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768438 | VulD... | 185269 | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768437 | VulD... | 185269 | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768436 | VulD... | 185269 | cvss2_vuldb_av | N | derived from vuldb v3 vector | 10/22/2021 | accepted | 80 |
| 11768435 | VulD... | 185269 | type | Smartphone Operating System | | 10/22/2021 | accepted | 90 |
| 11768434 | VulD... | 185269 | date | 1634853600 (10/22/2021) | | 10/22/2021 | accepted | 90 |
| 11768433 | VulD... | 185269 | cve_assigned | 1604617200 | mitre.org | 10/22/2021 | accepted | 90 |
| 11768432 | VulD... | 185269 | cve | CVE-2021-0703 | mitre.org | 10/22/2021 | accepted | 90 |
| 11768431 | VulD... | 185269 | name | Patch | | 10/22/2021 | accepted | 90 |
| 11768430 | VulD... | 185269 | url | https://source.android.com/security/bulletin/2021-10-01 | source.android.com | 10/22/2021 | accepted | 90 |
| 11768429 | VulD... | 185269 | identifier | A-184569329 | | 10/22/2021 | accepted | 90 |
| 11768428 | VulD... | 185269 | cvss3_vuldb_rc | C | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768427 | VulD... | 185269 | cvss3_vuldb_rl | O | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768426 | VulD... | 185269 | cvss3_vuldb_a | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768425 | VulD... | 185269 | cvss3_vuldb_i | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768424 | VulD... | 185269 | cvss3_vuldb_c | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768423 | VulD... | 185269 | cvss3_vuldb_s | U | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768422 | VulD... | 185269 | cvss3_vuldb_ui | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768421 | VulD... | 185269 | cvss3_vuldb_pr | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768420 | VulD... | 185269 | cvss3_vuldb_ac | L | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768419 | VulD... | 185269 | cvss3_vuldb_av | N | see CVSS documentation | 10/22/2021 | accepted | 90 |
| 11768418 | VulD... | 185269 | risk | 2 | see risk documentation | 10/22/2021 | accepted | 90 |
| 11768417 | VulD... | 185269 | cwe | 416 (memory corruption) | | 10/22/2021 | accepted | 90 |
| 11768416 | VulD... | 185269 | function | shared_ptr | | 10/22/2021 | accepted | 90 |
| 11768415 | VulD... | 185269 | file | init.cpp | | 10/22/2021 | accepted | 90 |
| 11768414 | VulD... | 185269 | version | 11.0 | see version documentation | 10/22/2021 | accepted | 90 |
| 11768413 | VulD... | 185269 | name | Android | | 10/22/2021 | accepted | 90 |
