Sep 16, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-14119 Mi Ax3600 Command Injection

  • CVSS 9.8

New critical Mi Ax3600 Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-14124 Mi Ax3600 Firmware Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Mi Ax3600 Firmware Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-40669 Wuzhicms SQL Injection

  • CVSS 9.8

New critical Wuzhicms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-14119 CVSS 9.8

There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority...

CVE-2020-14124 CVSS 9.8

There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM v...

CVE-2021-20790 CVSS 9.6

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary c...

CVE-2021-20791 CVSS 9.3

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exc...

CVE-2021-27341 CVSS 9.8

OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" par...

CVE-2021-39275 CVSS 9.8

ap_escape_quotes() may write beyond the end of a buffer when given malicious input.

Apache HTTP Server-Side Request Forgery (SSRF)

CVE-2021-40669 CVSS 9.8

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

CVE-2021-40670 CVSS 9.8

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.

View critical disclosures

cvelogic Threat Intelligence