Exploit Prices 08/11/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix53
Temporary Fix0
Workaround3
Unavailable0
Not Defined46

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional0
Proof-of-Concept4
Unproven0
Not Defined98

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Lang

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤10
≤20
≤36
≤425
≤533
≤68
≤722
≤85
≤92
≤101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤36
≤426
≤532
≤618
≤716
≤81
≤92
≤101

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k17
<2k18
<5k33
<10k7
<25k26
<50k1
<100k0
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k44
<2k28
<5k27
<10k1
<25k2
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Published0dayTodayTrVulnerabilityExpLangURLCTIEPSSCVE
08/11/2021$25k-$100k$5k-$25kNetgear XR500 access controlNot Defined
 
 
0.050.00885CVE-2021-38516
08/11/2021$5k-$25k$0-$5kNetgear XR500 stack-based overflowNot Defined
 
 
0.030.00885CVE-2021-38525
08/11/2021$5k-$25k$0-$5kNetgear RBK40 command injectionNot Defined
 
 
0.050.02055CVE-2021-38530
08/11/2021$5k-$25k$0-$5kNetgear D8500/R6900P/R7000P/R7100LG/WNDR3400v3/XR300 command injectionNot Defined
 
 
0.030.02055CVE-2021-38528
08/11/2021$5k-$25k$0-$5kNetgear XR500 command injectionNot Defined
 
 
0.030.02055CVE-2021-38527
08/11/2021$5k-$25k$0-$5kNetgear R6400/R6400v2/R6700v3/R6700v2/R6900v2/R7000P command injectionNot Defined
 
 
0.030.02055CVE-2021-38520
08/11/2021$5k-$25k$0-$5kNetgear R6400 stack-based overflowNot Defined
 
 
0.030.00885CVE-2021-38522
08/11/2021$5k-$25k$0-$5kNetgear WAC104 configNot Defined
 
 
0.040.00885CVE-2021-38532
08/11/2021$5k-$25k$0-$5kIntel Ethernet Controller 800 Driver Privilege EscalationNot Defined
 
 
0.070.00950CVE-2021-0002
08/11/2021$5k-$25k$0-$5kIntel Graphics Driver initializationNot Defined
 
 
0.030.00885CVE-2021-0061
08/11/2021$5k-$25k$0-$5kNetgear RAX200/RAX75/RAX80/RBK852/RBR850/RBS850 command injectionNot Defined
 
 
0.050.02055CVE-2021-38518
08/11/2021$5k-$25k$0-$5kNetgear AC2400 configNot Defined
 
 
0.070.00885CVE-2021-38531
08/11/2021$5k-$25k$5k-$25kD-Link DIR-825 HTTP Request vct_wan strchr memory corruptionNot Defined
 
 
0.050.00885CVE-2021-29296
08/11/2021$5k-$25k$0-$5kIntel Ethernet Controller X722/Ethernet Controller 800 RMDA Driver input validationNot Defined
 
 
0.040.00885CVE-2021-0084
08/11/2021$5k-$25k$0-$5kIntel Ethernet Adapter 800 Controller Firmware buffer overflowNot Defined
 
 
0.030.00890CVE-2021-0004
08/11/2021$5k-$25k$0-$5kNetgear RAX35/RAX38/RAX40 buffer overflowNot Defined
 
 
0.030.00885CVE-2021-38526
08/11/2021$5k-$25k$0-$5kNetgear D7800/R7800/R8900/R9000 command injectionNot Defined
 
 
0.050.02055CVE-2021-38529
08/11/2021$5k-$25k$0-$5kIntel NUC Pro Chassis Element AverMedia Capture Card uncontrolled search pathNot Defined
 
 
0.040.00885CVE-2021-0160
08/11/2021$5k-$25k$0-$5kIntel Graphics Drivers input validationNot Defined
 
 
0.030.00885CVE-2021-0062
08/11/2021$5k-$25k$0-$5kIntel NUC 9 Extreme Laptop Kit Kernel Mode Driver access controlNot Defined
 
 
0.030.00885CVE-2021-0196
08/11/2021$5k-$25k$0-$5kNetgear RAX80 command injectionNot Defined
 
 
0.040.02055CVE-2021-38519
08/11/2021$5k-$25k$5k-$25kDell PowerScale OneFS permission assignmentNot Defined
 
 
0.030.00885CVE-2021-21567
08/11/2021$5k-$25k$0-$5kNetgear XR500 improper authenticationNot Defined
 
 
0.030.00885CVE-2021-38514
08/11/2021$5k-$25k$0-$5kNetgear R8500 access controlNot Defined
 
 
0.040.00885CVE-2021-38539
08/11/2021$5k-$25k$0-$5kNetgear R6400/R7900P/R8000P/RAX75/RAX80 command injectionNot Defined
 
 
0.020.02055CVE-2021-38521
08/11/2021$5k-$25k$0-$5kNetgear R6400/RAX75/RAX80/XR300 out-of-bounds writeNot Defined
 
 
0.000.00885CVE-2021-38517
08/11/2021$5k-$25k$0-$5kNetgear R6400 stack-based overflowNot Defined
 
 
0.040.00885CVE-2021-38523
08/11/2021$5k-$25k$0-$5kNetgear RBS750 stack-based overflowNot Defined
 
 
0.000.00885CVE-2021-38524
08/11/2021$5k-$25k$0-$5kNetgear RBS750 improper authenticationNot Defined
 
 
0.040.00885CVE-2021-38513
08/11/2021$5k-$25k$0-$5kNetgear XR500 cross site scriptingNot Defined
 
 
0.030.00885CVE-2021-38538
08/11/2021$5k-$25k$0-$5kIntel Ethernet Controller 800 Driver information disclosureNot Defined
 
 
0.030.00885CVE-2021-0003
08/11/2021$5k-$25k$0-$5kNetgear EX3700/EX3800/EX6120/EX6130 cross-site request forgeryNot Defined
 
 
0.030.00885CVE-2021-32122
08/11/2021$5k-$25k$0-$5kIntel Ethernet Adapter 800 Firmware out-of-boundsNot Defined
 
 
0.060.00885CVE-2021-0009
08/11/2021$5k-$25k$0-$5kNetgear XR500 cross site scriptingNot Defined
 
 
0.030.00885CVE-2021-38534
08/11/2021$0-$5k$0-$5kNetgear RAX40 cross site scriptingNot Defined
 
 
0.000.00885CVE-2021-38533
08/11/2021$0-$5k$0-$5kDell EMC NetWorker API Service release of resourceNot Defined
 
 
0.030.00885CVE-2021-21600
08/11/2021$0-$5k$0-$5kD-Link DSP-W215 HTTP Request lighttpd null pointer dereferenceNot Defined
 
 
0.060.00885CVE-2021-29295
08/11/2021$0-$5k$0-$5kIntel Ethernet Adapter 800 Controller Firmware denial of serviceNot Defined
 
 
0.040.00885CVE-2021-0005
08/11/2021$0-$5k$0-$5kIntel Ethernet Adapter 800 Controller Firmware resource consumptionNot Defined
 
 
0.040.00885CVE-2021-0008
08/11/2021$0-$5k$0-$5kIntel Ethernet Adapter 800 Controller Firmware denial of serviceNot Defined
 
 
0.040.00885CVE-2021-0006

62 more entries are not shown

Might our Artificial Intelligence support you?

Check our Alexa App!