Apr 6, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Seowonintech Swc-5100w Firmware: public exploit or PoC linked (Command Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2020-11798 Mitel Micollab Audio\, Web \& Video Conferencing Directory Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Mitel Micollab Audio\, Web \& Video Conferencing Directory Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-28368 Dompdf Project Dompdf RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Dompdf Project Dompdf RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-26848 Totolink A7100ru Firmware Command Injection

  • CVSS 9.8

New critical Totolink A7100ru Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-27826 Exploit

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection.

CVE-2023-24217 Exploit

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CVE-2023-23156 Exploit

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the sin...

CVE-2023-26609 Exploit

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft...

CVE-2023-0961 Exploit

A vulnerability was found in SourceCodester Music Gallery Site 1.0.

CVE-2023-0962 Exploit

A vulnerability was found in SourceCodester Music Gallery Site 1.0.

CVE-2023-0963 Exploit

A vulnerability was found in SourceCodester Music Gallery Site 1.0.

CVE-2023-0938 Exploit

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0.

CVE-2023-0943 Exploit

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0.

CVE-2023-0915 Exploit

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0.

CVE-2023-0916 Exploit

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0.

CVE-2023-0902 Exploit

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-26848 CVSS 9.8

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delS...

CVE-2023-27013 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function.

CVE-2023-27014 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function.

CVE-2023-27015 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function.

CVE-2023-27016 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function.

CVE-2023-27017 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function.

CVE-2023-27018 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function.

CVE-2023-27019 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function.

CVE-2023-27020 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function.

CVE-2023-27021 CVSS 9.8

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function.

View critical disclosures

cvelogic Threat Intelligence