var-201704-0305
Vulnerability from variot
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,
We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.
Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. This has been assigned CVE-2016-1555. Affected devices include:
Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:
D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695
Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:
D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.
Thanks,
Dominic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndap360",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap350",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wndap360",
"scope": "lt",
"trust": 0.8,
"vendor": "net gear",
"version": "3.5.5.0"
},
{
"model": "wnap320",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap350",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndap360",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wndap350",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
},
{
"model": "wnap320",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "3.0.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dominic Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1557",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90376",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1557",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1557",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1557",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-01689",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-393",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90376",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. \n\nSeveral Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1557"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1557",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01689",
"trust": 0.6
},
{
"db": "VULDB",
"id": "81131",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90376",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"id": "VAR-201704-0305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
}
],
"trust": 1.1813131366666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
}
]
},
"last_update_date": "2024-11-23T21:54:09.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-1557 - Notification",
"trust": 0.8,
"url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/30482/cve-2016-1557-notification?cid=wmt_netgear_organic"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1557"
},
{
"trust": 0.6,
"url": "http://vuldb.com/?id.81131"
},
{
"trust": 0.1,
"url": "https://github.com/firmadyne/firmadyne."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"db": "VULHUB",
"id": "VHN-90376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90376"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"date": "2016-02-26T17:22:22",
"db": "PACKETSTORM",
"id": "135956"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"date": "2017-04-21T15:59:00.410000",
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01689"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90376"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008489"
},
{
"date": "2017-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-393"
},
{
"date": "2024-11-21T02:46:38.070000",
"db": "NVD",
"id": "CVE-2016-1557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Netgear Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008489"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-393"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.