Jun 9, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Intelbras Rf 301k Firmware: public exploit or PoC linked (CSRF)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-32403 Intelbras Rf 301k Firmware CSRF

  • Public exploit or PoC available
  • Exploit activity linked

Intelbras Rf 301k Firmware CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-33841 Circutor Sge-plc1000 Firmware privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Circutor Sge-plc1000 Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-11176 Qualcomm Apq8017 Firmware Memory Corruption

  • CVSS 9.8

New critical Qualcomm Apq8017 Firmware Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-32403 Exploit

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token p...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-11134 CVSS 9.8

Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup...

CVE-2020-11159 CVSS 9.1

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer b...

CVE-2020-11176 CVSS 9.8

While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow wh...

CVE-2020-11182 CVSS 9.8

Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon...

CVE-2020-11291 CVSS 9.8

Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check...

CVE-2020-15377 CVSS 9.8

Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated users to make requests to arbitrary hosts due to a misconfiguratio...

CVE-2021-23847 CVSS 9.8

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive informat...

CVE-2021-33357 CVSS 9.8

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter...

CVE-2021-33833 CVSS 9.8

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLE...

CVE-2021-33841 CVSS 10

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code in...

View critical disclosures

cvelogic Threat Intelligence