Exploit Prices 02/10/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix141
Temporary Fix0
Workaround0
Unavailable0
Not Defined73

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional0
Proof-of-Concept0
Unproven0
Not Defined214

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Lang

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base

≤10
≤20
≤33
≤444
≤547
≤652
≤739
≤812
≤92
≤1015

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤35
≤446
≤543
≤667
≤727
≤810
≤91
≤1015

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k34
<2k38
<5k55
<10k37
<25k35
<50k15
<100k0
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k107
<2k21
<5k42
<10k34
<25k10
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Published0dayTodayTrVulnerabilityExpLangURLCTIEPSSCVE
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.050.02398CVE-2022-20707
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.040.01086CVE-2022-20712
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.000.01005CVE-2022-20701
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.040.01440CVE-2022-20702
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.000.01086CVE-2022-20710
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.080.01440CVE-2022-20711
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.000.68501CVE-2022-20699
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.000.02398CVE-2022-20705
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.040.01440CVE-2022-20708
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.090.01086CVE-2022-20700
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.030.01490CVE-2022-20703
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.090.01086CVE-2022-20749
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.090.01440CVE-2022-20704
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.050.01440CVE-2022-20706
02/10/2022$25k-$100k$5k-$25kCisco Small Business RV345 stack-based overflowNot Defined
 
 
0.050.01440CVE-2022-20709
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi access controlNot Defined
 
 
0.050.00885CVE-2021-0164
02/10/2022$5k-$25k$5k-$25kIntel Kernelflinger out-of-bounds writeNot Defined
 
 
0.020.00885CVE-2021-33137
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi Remote Code ExecutionNot Defined
 
 
0.030.00885CVE-2021-0163
02/10/2022$5k-$25k$0-$5kSAP NetWeaver Application Server Java Server Request memory corruptionNot Defined
 
 
0.040.00885CVE-2022-22532
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi unknown vulnerabilityNot Defined
 
 
0.030.00885CVE-2021-33113
02/10/2022$5k-$25k$0-$5kCisco Umbrella Secure Web Gateway File Inspection protection mechanismNot Defined
 
 
0.030.01055CVE-2022-20738
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi input validationNot Defined
 
 
0.060.00885CVE-2021-0066
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi input validationNot Defined
 
 
0.000.00885CVE-2021-0168
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi input validationNot Defined
 
 
0.000.00885CVE-2021-0161
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi uncontrolled search pathNot Defined
 
 
0.070.00885CVE-2021-0169
02/10/2022$5k-$25k$0-$5kSAP NetWeaver Application Server ABAP request smugglingNot Defined
 
 
0.040.19548CVE-2022-22536
02/10/2022$5k-$25k$5k-$25kCitrix Workspace App App Protection access controlNot Defined
 
 
0.030.00885CVE-2022-21825
02/10/2022$5k-$25k$0-$5kIntel Quartus Prime Pro Edition input validationNot Defined
 
 
0.040.00885CVE-2021-44454
02/10/2022$5k-$25k$0-$5kIntel Quartus Prime Pro Edition permissionNot Defined
 
 
0.040.00885CVE-2022-21204
02/10/2022$5k-$25k$0-$5kIntel Advisor access controlNot Defined
 
 
0.060.00885CVE-2021-23152
02/10/2022$5k-$25k$0-$5kIntel Advisor default permissionNot Defined
 
 
0.060.00885CVE-2021-33129
02/10/2022$5k-$25k$0-$5kSAP Adaptive Server Enterprise Environment Variable access controlNot Defined
 
 
0.030.00885CVE-2022-22528
02/10/2022$5k-$25k$0-$5kIntel Quartus Prime Pro Edition access controlNot Defined
 
 
0.030.00885CVE-2022-21174
02/10/2022$5k-$25k$0-$5kIntel GPA uncontrolled search pathNot Defined
 
 
0.030.00885CVE-2021-33101
02/10/2022$5k-$25k$0-$5kIntel Quartus Prime Standard Edition SafeNet Sentinel Driver permissionNot Defined
 
 
0.000.00885CVE-2022-21203
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi/Killer WiFi input validationNot Defined
 
 
0.030.00885CVE-2021-0162
02/10/2022$5k-$25k$5k-$25kIntel PROSet/Wireless WiFi input validationNot Defined
 
 
0.020.00885CVE-2021-33115
02/10/2022$5k-$25k$0-$5kHuawei EMUI memory corruptionNot Defined
 
 
0.030.00885CVE-2021-37107
02/10/2022$5k-$25k$0-$5kHuawei EMUI Modem memory corruptionNot Defined
 
 
0.050.00885CVE-2021-37109
02/10/2022$5k-$25k$0-$5kHuawei EMUI memory corruptionNot Defined
 
 
0.050.00885CVE-2021-37115
02/10/2022$5k-$25k$0-$5kHuawei EMUI Privilege EscalationNot Defined
 
 
0.060.00885CVE-2021-39994
02/10/2022$5k-$25k$0-$5kSAP NetWeaver code injectionNot Defined
 
 
0.050.00885CVE-2022-22534
02/10/2022$5k-$25k$0-$5kSAP NetWeaver Application Server Java use after freeNot Defined
 
 
0.040.00885CVE-2022-22533
02/10/2022$5k-$25k$5k-$25kHuawei Smartphone Bluetooth permissionNot Defined
 
 
0.030.00885CVE-2021-40044
02/10/2022$5k-$25k$0-$5kSAP ERP HCM Portugal Payroll Data authorizationNot Defined
 
 
0.050.00885CVE-2022-22535
02/10/2022$5k-$25k$0-$5kHuawei EMUI permissionNot Defined
 
 
0.000.00885CVE-2021-39992
02/10/2022$5k-$25k$0-$5kHuawei EMUI memory corruptionNot Defined
 
 
0.030.00885CVE-2021-39991
02/10/2022$5k-$25k$0-$5kHuawei EMUI memory corruptionNot Defined
 
 
0.030.00885CVE-2021-39986
02/10/2022$5k-$25k$5k-$25kDell Product BIOS Firmware data authenticityNot Defined
 
 
0.050.00885CVE-2022-22567
02/10/2022$5k-$25k$5k-$25kIntel Atom out-of-boundsNot Defined
 
 
0.040.00885CVE-2021-33120

164 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!