Uniway UW-302VP 2.0 Admin Web Interface wlan_basic_set.cgi wlanssid/password 跨网站请求伪造

CVSS 元温度得分当前攻击价格 (≈)CTI兴趣分数
4.1$0-$5k0.00

一览

Uniway UW-302VP 2.0中曾发现一漏洞,此漏洞被评为棘手。 此漏洞会影响某些未知进程文件/boaform/wlan_basic_set.cgi的组件Admin Web Interface。 手动调试的软件参数:wlanssid/password不合法输入可导致 跨网站请求伪造。 漏洞的CWE定义是 CWE-352。 此漏洞的脆弱性 2023-12-24所分享。 阅读公告的网址是drive.google.com。 该漏洞被标识为CVE-2023-7092, 远程可以启动攻击, 有技术细节可用。 此外还有一个漏洞可利用。 该漏洞利用已公开,可能会被利用。 当前漏洞利用的价值为美元大约是$0-$5k 。 它被宣布为proof-of-concept。 以下网址提供该漏洞利用:drive.google.com。 我们估计的零日攻击价值约为$0-$5k。 该漏洞被披露后,此前未曾发表过可能的缓解措施。 [细节]

IOB - Indicator of Behavior (1315)

时间轴

语言

en1216
de26
ja12
fr10
pt8

国家/地区

in240
gb202
us180
fr38
de34

演员

活动

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

IDIP range参与者类型可信度
13.73.132.0/24Sliverpredictive
23.76.214.0/24Cobalt Strikepredictive
33.121.109.0/24Cobalt Strikepredictive
45.135.8.0/24Ponypredictive
5X.XXX.XX.X/XXXxxxxxpredictive
6XX.XXX.XXX.X/XXXxxxxxx Xxxxxxxpredictive
7XX.XX.XXX.X/XXXxxxxxpredictive
8XX.XX.XXX.X/XXXxxxxpredictive
9XX.XXX.XXX.X/XXXxxxxxxpredictive
10XX.XXX.XX.X/XXXxxxxpredictive
11XX.XXX.XX.X/XXXxxxxpredictive
12XX.XX.XXX.X/XXXxxxxxxxpredictive
13XX.XX.XXX.X/XXXxxxxxxpredictive
14XXX.XX.XX.X/XXXxx Xxxxxpredictive
15XXX.XXX.XXX.X/XXXxxxxxxxxxxxxxxpredictive
16XXX.XXX.XX.X/XXXxxxxxpredictive
17XXX.XXX.XXX.X/XXXxxxxx Xxxxxxpredictive
18XXX.XX.XX.X/XXXxxxxxxxxxpredictive
19XXX.XXX.XXX.X/XXXxxxpredictive
20XXX.XXX.XX.X/XXXxxxxx Xxxxxxpredictive
21XXX.XXX.XX.X/XXXxxxxpredictive
22XXX.XX.XX.X/XXXxxxxxxxxxxpredictive
23XXX.XX.XXX.X/XXXxxxxxpredictive
24XXX.XX.XXX.X/XXXxxxxxxxxpredictive
25XXX.XXX.XXX.X/XXXxxxx Xxxxxxxpredictive
26XXX.XXX.XXX.X/XXXxxxxxxxx Xxxxxxpredictive
27XXX.XXX.XX.X/XXXxx-x-xxpredictive
28XXX.XX.XXX.X/XXXxxxxxpredictive
29XXX.XX.XXX.X/XXXxxxxx Xxxpredictive
30XXX.XXX.XXX.X/XXXxxxxxx Xxxxxxxpredictive
31XXX.XXX.XX.X/XXXxxxpredictive
32XXX.XXX.XXX.X/XXXxxxxpredictive
33XXX.XXX.XXX.X/XXXxxxxpredictive
34XXX.XX.XX.X/XXXxxxxpredictive

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/boaform/wlan_basic_set.cgiverified
2Argumentxxxxxxxxverified
3Argumentxxxxxxxx/xxxxxxxxverified

Want to stay up to date on a daily basis?

Enable the mail alert feature now!