< Back to all blog posts

GreyNoise Tag Round Up: October 1 - 29

The GreyNoise Team

NEW TAGS:

GitLab CE RCE Attempt  [Intention: Malicious]

Apache Storm Supervisor RCE Attempt  [Intention: Malicious]

  • CVE-2021-40865
  • This IP address has been observed attempting to exploit CVE-2021-40865, a pre-auth remote code execution vulnerability in Apache Storm supervisor server.
  • Sources: Security Lab, SecLists
  • See it on GreyNoise Viz

Hikvision IP Camera RCE Attempt  [Intention: Malicious]

  • CVE-2021-36260
  • This IP address has been observed attempting to exploit CVE-2021-36260, a remote command execution vulnerability in Hikvision IP cameras and NVR firmware.
  • Sources: Watchful IP, Github (@Aiminsun)
  • See it on GreyNoise Viz

SonicWall SMA100 Factory Reset Attempt  [Intention: Malicious]

  • CVE-2021-20034
  • This IP address has been observed attempting to exploit CVE-2021-20034, an arbitrary file deletion vulnerability that allows performing a factory reset on SonicWall SMA100 devices.
  • Sources: Exploit DB, Attacker KB
  • See it on GreyNoise Viz

SonicWall SSL-VPN RCE Attempt  [Intention: Malicious]

  • This IP address has been observed attempting to exploit a remote command execution vulnerability in SonicWall SSL-VPN.
  • Sources: Darren Martyn (Blog, GitHub)
  • See it on GreyNoise Viz

Legacy Web Server RCE Attempt [Intention: Malicious]

  • CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496
  • This IP address has been observed attempting to exploit a command injection vulnerability found in the old versions of several web servers.
  • Sources: ush.it
  • See it on GreyNoise Viz

D-Link DIR-825 R1 RCE Attempt [Intention: Malicious]

  • CVE-2020-29557
  • This IP address has been observed attempting to exploit CVE-2020-29557, a remote command execution vulnerability in D-Link DIR-825 R1 devices.
  • Sources: Shaked Delarea, NIST
  • See it on GreyNoise Viz

D-Link DNS-320 RCE Attempt [Intention: Malicious]

  • CVE-2020-25506
  • This IP address has been observed attempting to exploit CVE-2020-25506, a remote command execution vulnerability in D-Link DNS-320 devices.
  • Sources: NIST, GitHub
  • See it on GreyNoise Viz

Micro Focus OBR RCE Attempt [Intention: Malicious]

  • CVE-2021-22502
  • This IP address has been observed attempting to exploit CVE-2021-22502, a remote command execution vulnerability in Micro Focus Operation Bridge Reporter software.
  • Sources: NIST, GitHub
  • See it on GreyNoise Viz

Yealink Device Management RCE Attempt [Intention: Malicious]

  • CVE-2021-27561
  • This IP address has been observed attempting to exploit CVE-2021-27561, a remote command execution vulnerability in Yealink Device Management Platform.
  • Sources: NISTSSD Disclosure
  • See it on GreyNoise Viz
Roundup
Vulnerabilities
Tags