Update Tue Jul 4 00:12:30 UTC 2023

2021/CVE-2021-45643.md

@@ -0,0 +1,17 @@
+### [CVE-2021-45643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45643)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR1000 before 1.0.0.58.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064159/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0035
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-34850.md

@@ -0,0 +1,17 @@
+### [CVE-2022-34850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34850)
+![](https://img.shields.io/static/v1?label=Product&message=R1510&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.1.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1578
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-28121.md

@@ -10,7 +10,7 @@ An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower)
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
 
 #### Github
 - https://github.com/gbrsh/CVE-2023-28121

2023/CVE-2023-33580.md

@@ -11,6 +11,7 @@ Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Si
 
 #### Reference
 - http://packetstormsecurity.com/files/173030/Student-Study-Center-Management-System-1.0-Cross-Site-Scripting.html
+- https://www.exploit-db.com/exploits/51528
 
 #### Github
 No PoCs found on GitHub currently.

references.txt

@@ -70676,6 +70676,7 @@ CVE-2021-45608 - https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw
 CVE-2021-45615 - https://kb.netgear.com/000064514/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0521
 CVE-2021-45619 - https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435
 CVE-2021-45631 - https://kb.netgear.com/000064136/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0504
+CVE-2021-45643 - https://kb.netgear.com/000064159/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0035
 CVE-2021-45653 - https://kb.netgear.com/000064163/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2021-0047
 CVE-2021-45658 - https://kb.netgear.com/000064062/Security-Advisory-for-Server-Side-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2019-0125
 CVE-2021-45664 - https://kb.netgear.com/000064076/Security-Advisory-for-Stored-Cross-Site-Scripting-on-R7000-PSV-2020-0011
@@ -75238,6 +75239,7 @@ CVE-2022-34753 - http://packetstormsecurity.com/files/167783/Schneider-Electric-
 CVE-2022-34756 - https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
 CVE-2022-34757 - https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
 CVE-2022-34758 - https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf
+CVE-2022-34850 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1578
 CVE-2022-3486 - https://gitlab.com/gitlab-org/gitlab/-/issues/377810
 CVE-2022-34873 - https://www.foxit.com/support/security-bulletins.html
 CVE-2022-34874 - https://www.foxit.com/support/security-bulletins.html
@@ -79189,6 +79191,7 @@ CVE-2023-28100 - https://marc.info/?l=oss-security&m=167879021709955&w=2
 CVE-2023-28102 - https://securitylab.github.com/advisories/GHSL-2022-094_discordrb/
 CVE-2023-28106 - https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
 CVE-2023-28115 - https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
+CVE-2023-28121 - https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
 CVE-2023-28128 - http://packetstormsecurity.com/files/172398/Ivanti-Avalanche-FileStoreConfig-Shell-Upload.html
 CVE-2023-28131 - https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps
 CVE-2023-28140 - https://www.qualys.com/security-advisories/
@@ -79769,6 +79772,7 @@ CVE-2023-33538 - https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-W
 CVE-2023-33546 - https://github.com/janino-compiler/janino/issues/201
 CVE-2023-33568 - https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
 CVE-2023-33580 - http://packetstormsecurity.com/files/173030/Student-Study-Center-Management-System-1.0-Cross-Site-Scripting.html
+CVE-2023-33580 - https://www.exploit-db.com/exploits/51528
 CVE-2023-33584 - http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html
 CVE-2023-33584 - https://packetstormsecurity.com/files/cve/CVE-2023-33584
 CVE-2023-33595 - https://github.com/python/cpython/issues/103824