Surge in Attacks Leveraging CNVD Exploits: A Warning Sign for Global Defenders
June 2025 by CrowdSec
Here’s your Monday report on immediate and emerging threats. Powered by the CrowdSec Network.
Significant Spike in Exploitation of CNVD-Listed Vulnerabilities
On the 15th of May, the CrowdSec Network recorded a sharp uptick in exploitation attempts targeting three vulnerabilities that are tracked exclusively in the Chinese National Vulnerability Database (CNVD):
• CNVD-2019-19299
• CNVD-2022-42853
• CNVD-2021-30167
About the exploits
The CNVD tracks vulnerabilities in software commonly used within China and its neighbouring countries, and functions very similarly to the NVD’s CVE framework. All three vulnerabilities allow remote code execution and affect software stacks that are predominantly used within China, but the attackers behind these campaigns aren’t stopping there.
Key findings
While the CrowdSec Network’s visibility beyond the Great Firewall is constrained, we can still observe the campaign and what else these attackers are looking for.
• The spike, visible in the chart below, reveals coordinated scanning behavior that likely signals a broader exploitation campaign currently in motion.
• Here’s the twist: the same attacker clusters are also seen exploiting vulnerabilities commonly cataloged in the NVD, targeting global software.
• This mix of CNVD and CVE-based tactics suggests one thing: Attackers aren’t limiting themselves by geography, so why should defenders?
• As software supply chains become increasingly globalized, relying exclusively on U.S.-centric vulnerability databases such as the NVD creates dangerous blind spots. Threat actors clearly understand this, and they are actively exploiting those gaps.