From 0090de6c5a774d771a41eaba23fe2e4774f6569b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 18 Mar 2025 15:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/44xxx/CVE-2024-44313.json | 61 ++++++++++++++++--
 2024/44xxx/CVE-2024-44314.json | 61 ++++++++++++++++--
 2024/49xxx/CVE-2024-49822.json | 79 ++++++++++++++++++++++--
 2025/25xxx/CVE-2025-25500.json | 61 ++++++++++++++++--
 2025/2xxx/CVE-2025-2491.json | 109 +++++++++++++++++++++++++++++++--
 2025/2xxx/CVE-2025-2499.json | 18 ++++++
 2025/2xxx/CVE-2025-2500.json | 18 ++++++
 2025/2xxx/CVE-2025-2501.json | 18 ++++++
 2025/2xxx/CVE-2025-2502.json | 18 ++++++
 2025/2xxx/CVE-2025-2503.json | 18 ++++++
 2025/30xxx/CVE-2025-30106.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30107.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30109.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30110.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30111.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30113.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30114.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30115.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30116.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30117.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30122.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30123.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30132.json | 61 ++++++++++++++++--
 2025/30xxx/CVE-2025-30196.json | 18 ++++++
 2025/30xxx/CVE-2025-30197.json | 18 ++++++
 25 files changed, 1186 insertions(+), 104 deletions(-)
 create mode 100644 2025/2xxx/CVE-2025-2499.json
 create mode 100644 2025/2xxx/CVE-2025-2500.json
 create mode 100644 2025/2xxx/CVE-2025-2501.json
 create mode 100644 2025/2xxx/CVE-2025-2502.json
 create mode 100644 2025/2xxx/CVE-2025-2503.json
 create mode 100644 2025/30xxx/CVE-2025-30196.json
 create mode 100644 2025/30xxx/CVE-2025-30197.json
diff --git a/2024/44xxx/CVE-2024-44313.json b/2024/44xxx/CVE-2024-44313.json
index 4ab1e886db0..14fc38561f7 100644
--- a/2024/44xxx/CVE-2024-44313.json
+++ b/2024/44xxx/CVE-2024-44313.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-44313",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-44313",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php",
+ "refsource": "MISC",
+ "name": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74",
+ "url": "https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74"
 }
 ]
 }
diff --git a/2024/44xxx/CVE-2024-44314.json b/2024/44xxx/CVE-2024-44314.json
index d679b895ef3..c808b206313 100644
--- a/2024/44xxx/CVE-2024-44314.json
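Review bot: The `affects` block added for CVE-2024-44313 leaves `product_name`, `version_value` and `vendor_name` at "n/a" although the new description names TastyIgniter 3.7.6, so scanners and inventory tools that match on the structured fields will not associate this record with the product. I would populate them from the description, e.g. `"product_name": "TastyIgniter"` and `"version_value": "3.7.6"` (vendor name to be confirmed with the assigner). The same all-"n/a" block appears in the hunks for CVE-2024-44314, CVE-2025-25500 and the CVE-2025-30106 to CVE-2025-30117 records in this commit; until it is filled in, consumers have to extract product and version from each description text.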
+++ b/2024/44xxx/CVE-2024-44314.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-44314",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-44314",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php",
+ "refsource": "MISC",
+ "name": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467",
+ "url": "https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467"
 }
 ]
 }
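Review bot: The first reference points at `blob/3.x/app/admin/controllers/Orders.php`, a branch head rather than a fixed revision, so once the branch moves the linked file will no longer show the `index_onUpdateStatus()` code the description refers to. A permalink to the commit or release tag for 3.7.6 would keep the evidence stable; the revision id is not visible on this page and would have to be looked up. CVE-2024-44313 cites the same branch URL. `problemtype` is also left at "n/a" although the description states a missing permission check, which an entry such as `"cweId": "CWE-862"` (Missing Authorization) would capture, subject to confirmation by the assigner.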
diff --git a/2024/49xxx/CVE-2024-49822.json b/2024/49xxx/CVE-2024-49822.json
index 728154f56af..d9c1466e3c1 100644
--- a/2024/49xxx/CVE-2024-49822.json
+++ b/2024/49xxx/CVE-2024-49822.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-49822",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "QRadar Advisor with Watson",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0.0",
+ "version_value": "2.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7186424",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7186424"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/25xxx/CVE-2025-25500.json b/2025/25xxx/CVE-2025-25500.json
index 19c4c24725e..2b52c7bab53 100644
--- a/2025/25xxx/CVE-2025-25500.json
+++ b/2025/25xxx/CVE-2025-25500.json
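Review bot: The version entry in the CVE-2024-49822 hunk encodes the range as `"version_affected": "<="` with `"version_name": "1.0.0"` and `"version_value": "2.6.5"`, which puts the lower bound in a name field; a consumer that reads only `version_affected` and `version_value` will treat every release up to 2.6.5 as affected and never see the 1.0.0 floor stated in the description. The description also says "IBM QRadar Advisor" while `product_name` is "QRadar Advisor with Watson", so exact string matching against one will miss the other. Separately, the text says "authenticated attacker" while the vector carries `PR:H`; a reader who triages from the description alone may assume any logged-in user is enough, so stating the required privilege level in the text would help.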
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-25500",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-25500",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/CVEProject/cveproject.github.io/blob/gh-pages/requester/reservation-guidelines.md",
+ "refsource": "MISC",
+ "name": "https://github.com/CVEProject/cveproject.github.io/blob/gh-pages/requester/reservation-guidelines.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500",
+ "url": "https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2491.json b/2025/2xxx/CVE-2025-2491.json
index 5281e342ca7..4cb6fb80ecb 100644
--- a/2025/2xxx/CVE-2025-2491.json
+++ b/2025/2xxx/CVE-2025-2491.json
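Review bot: The first reference added for CVE-2025-25500 is the CVE Project's `reservation-guidelines.md`, which is a process document and, judging by its path, says nothing about CosmWasm; it looks like a leftover from the request form. That leaves the gist as the only source, with no upstream advisory or fix commit to back the "prior to v2.2.0" boundary in the description. I would drop the guidelines URL and, if one exists, add the upstream release note or advisory for v2.2.0 so the fixed version can be verified independently.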
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-2491",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Dromara ujcms 9.7.5 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion update der Datei /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java der Komponente Edit Template File Page. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dromara",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ujcms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.7.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.299997",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.299997"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.299997",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.299997"
+ },
+ {
+ "url": "https://vuldb.com/?submit.517269",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.517269"
+ },
+ {
+ "url": "https://github.com/dromara/ujcms/issues/14",
+ "refsource": "MISC",
+ "name": "https://github.com/dromara/ujcms/issues/14"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "icefoxh (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/2xxx/CVE-2025-2499.json b/2025/2xxx/CVE-2025-2499.json
new file mode 100644
index 00000000000..5c05320fa65
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2499.json
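Review bot: `problemtype_data` in the CVE-2025-2491 hunk lists both CWE-79 and CWE-94, but the description only states that the manipulation leads to cross site scripting in the Edit Template File Page; tooling that groups or prioritises by CWE will also file this record as code injection. If CWE-94 is only a parent-class mapping the assigner adds by convention, that should be confirmed before it drives prioritisation. Minor: `credits` uses `"lang": "en"` while the descriptions in the same record use `"eng"` and `"deu"`, so a consumer filtering on one language code will skip the other.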
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2500.json b/2025/2xxx/CVE-2025-2500.json
new file mode 100644
index 00000000000..e5a1610103a
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2500.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2500",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2501.json b/2025/2xxx/CVE-2025-2501.json
new file mode 100644
index 00000000000..950ffab6953
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2501.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2501",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2502.json b/2025/2xxx/CVE-2025-2502.json
new file mode 100644
index 00000000000..99c963c4b9a
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2502.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2502",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2503.json b/2025/2xxx/CVE-2025-2503.json
new file mode 100644
index 00000000000..ee3990ee03f
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2503.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2503",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30106.json b/2025/30xxx/CVE-2025-30106.json
index 0c569224426..93640681336 100644
--- a/2025/30xxx/CVE-2025-30106.json
+++ b/2025/30xxx/CVE-2025-30106.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30106",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30106",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On IROAD v9 devices, the dashcam has hardcoded default credentials (\"qwertyuiop\") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iroad-dashcam.nl/iroad/iroad-x5/",
+ "refsource": "MISC",
+ "name": "https://iroad-dashcam.nl/iroad/iroad-x5/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30107.json b/2025/30xxx/CVE-2025-30107.json
index 29796c1b2ef..d6ef3dbbc24 100644
--- a/2025/30xxx/CVE-2025-30107.json
+++ b/2025/30xxx/CVE-2025-30107.json
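Review bot: `problemtype` in the CVE-2025-30106 hunk is "n/a" even though the description states a hardcoded default credential that the user cannot change, which is what CWE-798 (Use of Hard-coded Credentials) describes. Following the shape the CVE-2024-49822 record uses in this same commit, the entry would read `"value": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"`. The same gap is in the hunks for CVE-2025-30109 and CVE-2025-30113, which also describe hardcoded credentials, and probably CVE-2025-30115. Because the record says the credential cannot be rotated, owners have no configuration fix and should treat the device's Wi-Fi network as untrusted until the vendor ships a firmware change.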
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30107",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30107",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iroad-dashcam.nl/iroad/iroad-x5/'",
+ "refsource": "MISC",
+ "name": "https://iroad-dashcam.nl/iroad/iroad-x5/'"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30109.json b/2025/30xxx/CVE-2025-30109.json
index 04d35c58515..c0ce0778863 100644
--- a/2025/30xxx/CVE-2025-30109.json
+++ b/2025/30xxx/CVE-2025-30109.json
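Review bot: The first reference in the CVE-2025-30107 hunk ends in a stray apostrophe, `https://iroad-dashcam.nl/iroad/iroad-x5/'`, in both `url` and `name`; the other IROAD records in this commit cite the same page without it. Link checkers and reference de-duplication will treat it as a different, probably dead, URL. The two values should read `"url": "https://iroad-dashcam.nl/iroad/iroad-x5/"` and `"name": "https://iroad-dashcam.nl/iroad/iroad-x5/"`.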
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30109",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30109",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iroad-dashcam.nl/iroad/iroad-x5/",
+ "refsource": "MISC",
+ "name": "https://iroad-dashcam.nl/iroad/iroad-x5/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30110.json b/2025/30xxx/CVE-2025-30110.json
index 84b9c3c2bbe..9c5a7d21ad8 100644
--- a/2025/30xxx/CVE-2025-30110.json
+++ b/2025/30xxx/CVE-2025-30110.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30110",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30110",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP scan."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iroad-dashcam.nl/iroad/iroad-x5/",
+ "refsource": "MISC",
+ "name": "https://iroad-dashcam.nl/iroad/iroad-x5/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30111.json b/2025/30xxx/CVE-2025-30111.json
index 8949b713482..c9270d84a16 100644
--- a/2025/30xxx/CVE-2025-30111.json
+++ b/2025/30xxx/CVE-2025-30111.json
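Review bot: The CVE-2025-30110 description names the IROAD X5, while CVE-2025-30106, CVE-2025-30107 and CVE-2025-30111 say "IROAD v9" or "V9" and CVE-2025-30109 names only the APK 5.2.5, yet all five cite the same iroad-x5 product page and the same repository. With `affects` left at "n/a", nothing in the records tells an asset owner whether these are one model, one firmware line or different devices. The descriptions should use a single model designation and state the firmware or app version that was tested, so the five records can be scoped together.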
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30111",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30111",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iroad-dashcam.nl/iroad/iroad-x5/",
+ "refsource": "MISC",
+ "name": "https://iroad-dashcam.nl/iroad/iroad-x5/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30113.json b/2025/30xxx/CVE-2025-30113.json
index e126c6d1f35..10872b4a424 100644
--- a/2025/30xxx/CVE-2025-30113.json
+++ b/2025/30xxx/CVE-2025-30113.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30113",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30113",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26",
+ "refsource": "MISC",
+ "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/Hella",
+ "url": "https://github.com/geo-chen/Hella"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30114.json b/2025/30xxx/CVE-2025-30114.json
index fa4ae6116d5..9fe79a08180 100644
--- a/2025/30xxx/CVE-2025-30114.json
+++ b/2025/30xxx/CVE-2025-30114.json
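Review bot: The CVE-2025-30113 description identifies the device (HELLA Driving Recorder DR 820) but gives no firmware or Android app version, and the `affects` block is all "n/a", so a reader cannot tell which builds are affected or whether a fixed build exists. The same gap is in the hunks for CVE-2025-30114 through CVE-2025-30117. Adding the tested app or firmware version to the description, as the CVE-2025-30109 record does with "APK 5.2.5", would let owners scope their exposure and later confirm a fix.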
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30114",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30114",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the authentication process and gain full access to the dashcam's features without proper authorization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26",
+ "refsource": "MISC",
+ "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/Hella",
+ "url": "https://github.com/geo-chen/Hella"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30115.json b/2025/30xxx/CVE-2025-30115.json
index ac1c95e5c77..c250e7c2a4c 100644
--- a/2025/30xxx/CVE-2025-30115.json
+++ b/2025/30xxx/CVE-2025-30115.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30115",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30115",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password (\"qwertyuiop\"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26",
+ "refsource": "MISC",
+ "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/Hella",
+ "url": "https://github.com/geo-chen/Hella"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30116.json b/2025/30xxx/CVE-2025-30116.json
index e8a422dc328..3b752bdba72 100644
--- a/2025/30xxx/CVE-2025-30116.json
+++ b/2025/30xxx/CVE-2025-30116.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30116",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30116",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26",
+ "refsource": "MISC",
+ "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/Hella",
+ "url": "https://github.com/geo-chen/Hella"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30117.json b/2025/30xxx/CVE-2025-30117.json
index 405c25d7739..ef1c30c0396 100644
--- a/2025/30xxx/CVE-2025-30117.json
+++ b/2025/30xxx/CVE-2025-30117.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30117",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30117",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information through the settings interface. Remote attackers can modify power management settings, disable recording, delete stored footage, and turn off battery protection, leading to potential denial-of-service conditions and vehicle battery drainage."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26",
+ "refsource": "MISC",
+ "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/Hella",
+ "url": "https://github.com/geo-chen/Hella"
 }
 ]
 }
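Review bot: The new description gives its precondition as "After bypassing the device pairing" but the record carries no pointer to the pairing-bypass entry, CVE-2025-30114, published in this same commit, so someone triaging this record on its own cannot see that the two are chained and that fixing the pairing weakness presumably removes this path as well. The single `value` also folds several distinct impacts (information disclosure, settings tampering, footage deletion, battery drain) together while `problemtype` stays at `n/a`. Consider naming the prerequisite in the text, e.g. `After bypassing the device pairing (CVE-2025-30114), an attacker can ...`, so the dependency survives when the record is read in isolation.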
diff --git a/2025/30xxx/CVE-2025-30122.json b/2025/30xxx/CVE-2025-30122.json
index c3949b44803..3704fd1c17c 100644
--- a/2025/30xxx/CVE-2025-30122.json
+++ b/2025/30xxx/CVE-2025-30122.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30122",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30122",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://roadcam.my/pages/install-x3",
+ "refsource": "MISC",
+ "name": "https://roadcam.my/pages/install-x3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/RoadCam",
+ "url": "https://github.com/geo-chen/RoadCam"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30123.json b/2025/30xxx/CVE-2025-30123.json
index 2b30c1a4c39..32b5087f6d8 100644
--- a/2025/30xxx/CVE-2025-30123.json
+++ b/2025/30xxx/CVE-2025-30123.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30123",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30123",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://roadcam.my/pages/install-x3",
+ "refsource": "MISC",
+ "name": "https://roadcam.my/pages/install-x3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/RoadCam",
+ "url": "https://github.com/geo-chen/RoadCam"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30132.json b/2025/30xxx/CVE-2025-30132.json
index 5641f24390b..4a8cef49a4c 100644
--- a/2025/30xxx/CVE-2025-30132.json
+++ b/2025/30xxx/CVE-2025-30132.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-30132",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-30132",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name",
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geo-chen/IROAD-V",
+ "url": "https://github.com/geo-chen/IROAD-V"
 }
 ]
 }
diff --git a/2025/30xxx/CVE-2025-30196.json b/2025/30xxx/CVE-2025-30196.json
new file mode 100644
index 00000000000..90ea8840aac
--- /dev/null
+++ b/2025/30xxx/CVE-2025-30196.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-30196",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30197.json b/2025/30xxx/CVE-2025-30197.json
new file mode 100644
index 00000000000..0d1ddd9368b
--- /dev/null
+++ b/2025/30xxx/CVE-2025-30197.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-30197",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file