CVE-2021-25502
published 2021-11-05CVE-2021-25502: A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without…
PriorityP422medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.07%
0.0th percentile
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Nov-2021 Release 1 | SMR Nov-2021 Release 1 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Unit42
New Mirai Variant Targeting Network Security Devices
blogs_unit42·2021-03-16·CVSS 7.5
CVE-2019-19356 [HIGH] New Mirai Variant Targeting Network Security Devices
Threat Research Center
Threat Research
Vulnerabilities
## New Mirai Variant Targeting Network Security Devices
Vaibhav Singhal
Ruchna Nigam
Zhibin Zhang
Asher Davila
Published: March 15, 2021
Threat Research
Vulnerabilities
CVE-2019-19356
CVE-2020-25506
CVE-2020-26919
CVE-2021-22502
CVE-2021-27561
CVE-2021-27562
IoT
Mirai
VisualDoor
## Executive Summary
On Feb. 16, 2021, Unit 42 researchers discovered attacks leveraging a number of vulnerabilities, including:
VisualDoor (a SonicWall SSL-VPN exploit).
CVE-2020-25506 (a D-Link DNS-320 firewall exploit).
CVE-2020-26919 (a Netgear ProSAFE Plus exploit).
Possibly CVE-2019-19356 (a Netis WF2419 wireless router exploit).
Three other IoT vulnerabilities yet to be identified.
On Feb. 23, 2021, one of the IPs involved
Unit42
New Mirai Variant Targeting Network Security Devices
blogs_unit42·2021-03-16·CVSS 7.5
CVE-2020-25506 [HIGH] New Mirai Variant Targeting Network Security Devices
## Executive Summary
On Feb. 16, 2021, Unit 42 researchers discovered attacks leveraging a number of vulnerabilities, including:
- VisualDoor (a SonicWall SSL-VPN exploit).
- CVE-2020-25506 (a D-Link DNS-320 firewall exploit).
- CVE-2020-26919 (a Netgear ProSAFE Plus exploit).
- Possibly CVE-2019-19356 (a Netis WF2419 wireless router exploit).
- Three other IoT vulnerabilities yet to be identified.
On Feb. 23, 2021, one of the IPs involved in the attack was updated to serve a Mirai variant leveraging CVE-2021-27561 and CVE-2021-27562, mere hours after vulnerability details were published. On March 3, 2021, the same samples were served from a third IP address, with the addition of an exploit leveraging CVE-2021-22502. Furthermore, on March 13, an exploit targeting CVE-2020-26919 was also
2021-11-05
Published