diff --git a/2021/23xxx/CVE-2021-23484.json b/2021/23xxx/CVE-2021-23484.json index 06508c713f9..5a75ae893aa 100644 --- a/2021/23xxx/CVE-2021-23484.json +++ b/2021/23xxx/CVE-2021-23484.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477", + "name": "https://snyk.io/vuln/SNYK-JS-ZIPLOCAL-2327477" }, { - "refsource": "CONFIRM", - "url": "https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365" + "refsource": "MISC", + "url": "https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365", + "name": "https://github.com/Mostafa-Samir/zip-local/blob/master/main.js%23L365" }, { - "refsource": "CONFIRM", - "url": "https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085" + "refsource": "MISC", + "url": "https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085", + "name": "https://github.com/Mostafa-Samir/zip-local/commit/949446a95a660c0752b1db0c654f0fd619ae6085" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.\r\n\r\n" + "value": "The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory." } ] }, diff --git a/2021/23xxx/CVE-2021-23558.json b/2021/23xxx/CVE-2021-23558.json index 1d92bee7cc7..716ecdbd489 100644 --- a/2021/23xxx/CVE-2021-23558.json +++ b/2021/23xxx/CVE-2021-23558.json @@ -48,16 +48,19 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-BMOOR-2342622" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-BMOOR-2342622", + "name": "https://snyk.io/vuln/SNYK-JS-BMOOR-2342622" }, { - "refsource": "CONFIRM", - "url": "https://github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b" + "refsource": "MISC", + "url": "https://github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b", + "name": "https://github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b" }, { - "refsource": "CONFIRM", - "url": "https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/" + "refsource": "MISC", + "url": "https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/", + "name": "https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/" } ] }, @@ -65,7 +68,7 @@ "description_data": [ { "lang": "eng", - "value": "The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function.\r\n\r\n**Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664)\r\n\r\n" + "value": "The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664)" } ] }, diff --git a/2021/23xxx/CVE-2021-23760.json b/2021/23xxx/CVE-2021-23760.json index 8b30e3d9078..2e21ecb5ffc 100644 --- a/2021/23xxx/CVE-2021-23760.json +++ b/2021/23xxx/CVE-2021-23760.json @@ -48,8 +48,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624", + "name": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624" } ] }, @@ -57,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution.\r\n\r\n**Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)\r\n\r\n" + "value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)" } ] }, diff --git a/2021/28xxx/CVE-2021-28613.json b/2021/28xxx/CVE-2021-28613.json index c5dd53bd256..5d26131be6e 100644 --- a/2021/28xxx/CVE-2021-28613.json +++ b/2021/28xxx/CVE-2021-28613.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", - "baseScore": 7.7, + "baseScore": 7.4, "baseSeverity": "High", - "confidentialityImpact": "High", + "confidentialityImpact": "None", "integrityImpact": "High", "privilegesRequired": "High", "scope": "Changed", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H", "version": "3.1" } }, diff --git a/2021/35xxx/CVE-2021-35982.json b/2021/35xxx/CVE-2021-35982.json index 4569af619e6..f7cbbefab6c 100644 --- a/2021/35xxx/CVE-2021-35982.json +++ b/2021/35xxx/CVE-2021-35982.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction." } ] }, diff --git a/2021/36xxx/CVE-2021-36003.json b/2021/36xxx/CVE-2021-36003.json index 7e635808bd0..53f766fcee1 100644 --- a/2021/36xxx/CVE-2021-36003.json +++ b/2021/36xxx/CVE-2021-36003.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "None", - "baseScore": 3.3, - "baseSeverity": "Low", - "confidentialityImpact": "Low", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39845.json b/2021/39xxx/CVE-2021-39845.json index bb51449bf54..6e26ef69b54 100644 --- a/2021/39xxx/CVE-2021-39845.json +++ b/2021/39xxx/CVE-2021-39845.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -55,17 +55,17 @@ }, "impact": { "cvss": { - "attackComplexity": "High", + "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", - "baseScore": 7.7, - "baseSeverity": "High", + "baseScore": 6.1, + "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "Low", "privilegesRequired": "None", - "scope": "Changed", + "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39846.json b/2021/39xxx/CVE-2021-39846.json index 72ce490763f..9a612c5a479 100644 --- a/2021/39xxx/CVE-2021-39846.json +++ b/2021/39xxx/CVE-2021-39846.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -55,17 +55,17 @@ }, "impact": { "cvss": { - "attackComplexity": "High", + "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", - "baseScore": 7.7, - "baseSeverity": "High", + "baseScore": 6.1, + "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "Low", "privilegesRequired": "None", - "scope": "Changed", + "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39855.json b/2021/39xxx/CVE-2021-39855.json index c02d11ae3d9..69ed8f2e4f2 100644 --- a/2021/39xxx/CVE-2021-39855.json +++ b/2021/39xxx/CVE-2021-39855.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -55,17 +55,17 @@ }, "impact": { "cvss": { - "attackComplexity": "High", + "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 3.8, - "baseSeverity": "Low", - "confidentialityImpact": "Low", + "baseScore": 6.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39856.json b/2021/39xxx/CVE-2021-39856.json index d8f84ca320f..3df09105fdd 100644 --- a/2021/39xxx/CVE-2021-39856.json +++ b/2021/39xxx/CVE-2021-39856.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -55,17 +55,17 @@ }, "impact": { "cvss": { - "attackComplexity": "High", + "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 3.8, - "baseSeverity": "Low", - "confidentialityImpact": "Low", + "baseScore": 6.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39860.json b/2021/39xxx/CVE-2021-39860.json index 5822c5ee288..7ac25bde234 100644 --- a/2021/39xxx/CVE-2021-39860.json +++ b/2021/39xxx/CVE-2021-39860.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -57,15 +57,15 @@ "cvss": { "attackComplexity": "Low", "attackVector": "Local", - "availabilityImpact": "High", + "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", - "confidentialityImpact": "None", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/39xxx/CVE-2021-39861.json b/2021/39xxx/CVE-2021-39861.json index 955fa123113..10fec42359d 100644 --- a/2021/39xxx/CVE-2021-39861.json +++ b/2021/39xxx/CVE-2021-39861.json @@ -18,15 +18,15 @@ "version_data": [ { "version_affected": "<=", - "version_value": "DC 2021 July" + "version_value": "2020.004.30006" }, { "version_affected": "<=", - "version_value": "20.0-Classic 2021 July" + "version_value": "2017.011.30199" }, { "version_affected": "<=", - "version_value": "17.0-Classic 2021 July" + "version_value": "2021.005.20060" }, { "version_affected": "<=", @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "None", - "baseScore": 3.3, - "baseSeverity": "Low", - "confidentialityImpact": "Low", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40711.json b/2021/40xxx/CVE-2021-40711.json index 9073d9eceba..02fef846df1 100644 --- a/2021/40xxx/CVE-2021-40711.json +++ b/2021/40xxx/CVE-2021-40711.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 6.3, + "baseScore": 5.4, "baseSeverity": "Medium", - "confidentialityImpact": "High", + "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "Low", - "scope": "Unchanged", + "scope": "Changed", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40714.json b/2021/40xxx/CVE-2021-40714.json index c5317ed9cd3..2e53d4fba27 100644 --- a/2021/40xxx/CVE-2021-40714.json +++ b/2021/40xxx/CVE-2021-40714.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 6.4, + "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", - "scope": "Unchanged", + "scope": "Changed", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40721.json b/2021/40xxx/CVE-2021-40721.json index 9213f39101b..eb93bc7949f 100644 --- a/2021/40xxx/CVE-2021-40721.json +++ b/2021/40xxx/CVE-2021-40721.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 6.4, + "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "Low", "privilegesRequired": "None", - "scope": "Unchanged", + "scope": "Changed", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40732.json b/2021/40xxx/CVE-2021-40732.json index dbcf1d0b751..d83dd274c0a 100644 --- a/2021/40xxx/CVE-2021-40732.json +++ b/2021/40xxx/CVE-2021-40732.json @@ -57,15 +57,15 @@ "cvss": { "attackComplexity": "Low", "attackVector": "Local", - "availabilityImpact": "Low", - "baseScore": 4.4, + "availabilityImpact": "High", + "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" } }, @@ -85,8 +85,8 @@ "reference_data": [ { "refsource": "MISC", - "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html", - "name": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html" + "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html", + "name": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html" } ] }, diff --git a/2021/40xxx/CVE-2021-40745.json b/2021/40xxx/CVE-2021-40745.json index 29ef8c3ce29..3ee37aa4ab7 100644 --- a/2021/40xxx/CVE-2021-40745.json +++ b/2021/40xxx/CVE-2021-40745.json @@ -55,17 +55,17 @@ }, "impact": { "cvss": { - "attackComplexity": "None", - "attackVector": "None", + "attackComplexity": "Low", + "attackVector": "Network", "availabilityImpact": "None", - "baseScore": 5.3, - "baseSeverity": "Medium", - "confidentialityImpact": "None", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", - "scope": "None", + "scope": "Unchanged", "userInteraction": "None", - "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40770.json b/2021/40xxx/CVE-2021-40770.json index 398e2c9cb91..8a67f58bf17 100644 --- a/2021/40xxx/CVE-2021-40770.json +++ b/2021/40xxx/CVE-2021-40770.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", - "baseScore": 5.5, - "baseSeverity": "Medium", - "confidentialityImpact": "None", - "integrityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, diff --git a/2021/40xxx/CVE-2021-40773.json b/2021/40xxx/CVE-2021-40773.json index aff99526092..12097122ef9 100644 --- a/2021/40xxx/CVE-2021-40773.json +++ b/2021/40xxx/CVE-2021-40773.json @@ -56,7 +56,7 @@ "impact": { "cvss": { "attackComplexity": "Low", - "attackVector": "Network", + "attackVector": "Local", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", @@ -65,7 +65,7 @@ "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, diff --git a/2021/42xxx/CVE-2021-42727.json b/2021/42xxx/CVE-2021-42727.json index cb1ab752deb..60b7b5327a3 100644 --- a/2021/42xxx/CVE-2021-42727.json +++ b/2021/42xxx/CVE-2021-42727.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server." + "value": "Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can send an HTTP POST request which will place a malicious .jsp file in the folder 'C:\\Program Files\\Adobe\\Adobe RoboHelp Server 11\\admin' to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server." } ] }, diff --git a/2021/43xxx/CVE-2021-43017.json b/2021/43xxx/CVE-2021-43017.json index 247f0ab5027..016bd6d883e 100644 --- a/2021/43xxx/CVE-2021-43017.json +++ b/2021/43xxx/CVE-2021-43017.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability." + "value": "Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability." } ] }, diff --git a/2021/43xxx/CVE-2021-43024.json b/2021/43xxx/CVE-2021-43024.json index f27cfe11a65..f584fe0998d 100644 --- a/2021/43xxx/CVE-2021-43024.json +++ b/2021/43xxx/CVE-2021-43024.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", - "baseScore": 5.5, - "baseSeverity": "Medium", - "confidentialityImpact": "None", - "integrityImpact": "None", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, @@ -75,7 +75,7 @@ "description": [ { "lang": "eng", - "value": "Access of Memory Location After End of Buffer (CWE-788)" + "value": "Out-of-bounds Write (CWE-787)" } ] } diff --git a/2021/43xxx/CVE-2021-43030.json b/2021/43xxx/CVE-2021-43030.json index fffe6f620da..14ee052d65a 100644 --- a/2021/43xxx/CVE-2021-43030.json +++ b/2021/43xxx/CVE-2021-43030.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it." + "value": "Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it." } ] }, @@ -87,11 +87,6 @@ "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html", "name": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html" - }, - { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1587/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1587/" } ] }, diff --git a/2021/43xxx/CVE-2021-43746.json b/2021/43xxx/CVE-2021-43746.json index 9828ab6290c..3079cf99d18 100644 --- a/2021/43xxx/CVE-2021-43746.json +++ b/2021/43xxx/CVE-2021-43746.json @@ -58,14 +58,14 @@ "attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "None", - "baseScore": 3.3, - "baseSeverity": "Low", - "confidentialityImpact": "Low", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, @@ -87,16 +87,6 @@ "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html", "name": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html" - }, - { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1557/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1557/" - }, - { - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-079/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-079/" } ] }, diff --git a/2021/44xxx/CVE-2021-44358.json b/2021/44xxx/CVE-2021-44358.json index 2ee4147712e..8eabd8bc7e2 100644 --- a/2021/44xxx/CVE-2021-44358.json +++ b/2021/44xxx/CVE-2021-44358.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44359.json b/2021/44xxx/CVE-2021-44359.json index d253513e6a2..e933dd49099 100644 --- a/2021/44xxx/CVE-2021-44359.json +++ b/2021/44xxx/CVE-2021-44359.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44359", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44360.json b/2021/44xxx/CVE-2021-44360.json index 16b8c4ae0f7..a595bc46052 100644 --- a/2021/44xxx/CVE-2021-44360.json +++ b/2021/44xxx/CVE-2021-44360.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44361.json b/2021/44xxx/CVE-2021-44361.json index dc39e1e6033..4644d17efe7 100644 --- a/2021/44xxx/CVE-2021-44361.json +++ b/2021/44xxx/CVE-2021-44361.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44362.json b/2021/44xxx/CVE-2021-44362.json index dafe7531d25..d24dcadf4f1 100644 --- a/2021/44xxx/CVE-2021-44362.json +++ b/2021/44xxx/CVE-2021-44362.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44362", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44363.json b/2021/44xxx/CVE-2021-44363.json index fd0657be58f..cfbc49de6ba 100644 --- a/2021/44xxx/CVE-2021-44363.json +++ b/2021/44xxx/CVE-2021-44363.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44364.json b/2021/44xxx/CVE-2021-44364.json index 2565450b616..5e325427073 100644 --- a/2021/44xxx/CVE-2021-44364.json +++ b/2021/44xxx/CVE-2021-44364.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44364", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44365.json b/2021/44xxx/CVE-2021-44365.json index 2cc1daad762..132b5b7c47f 100644 --- a/2021/44xxx/CVE-2021-44365.json +++ b/2021/44xxx/CVE-2021-44365.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44367.json b/2021/44xxx/CVE-2021-44367.json index 3284958673c..19fb5a9d904 100644 --- a/2021/44xxx/CVE-2021-44367.json +++ b/2021/44xxx/CVE-2021-44367.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44368.json b/2021/44xxx/CVE-2021-44368.json index 2677eccfd00..c1adc3a7405 100644 --- a/2021/44xxx/CVE-2021-44368.json +++ b/2021/44xxx/CVE-2021-44368.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44369.json b/2021/44xxx/CVE-2021-44369.json index 39dc82f50ac..564c308c985 100644 --- a/2021/44xxx/CVE-2021-44369.json +++ b/2021/44xxx/CVE-2021-44369.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44370.json b/2021/44xxx/CVE-2021-44370.json index 3544c66c85c..4fdce8ab154 100644 --- a/2021/44xxx/CVE-2021-44370.json +++ b/2021/44xxx/CVE-2021-44370.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44370", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44371.json b/2021/44xxx/CVE-2021-44371.json index 03b738d595f..bef77ad125b 100644 --- a/2021/44xxx/CVE-2021-44371.json +++ b/2021/44xxx/CVE-2021-44371.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44372.json b/2021/44xxx/CVE-2021-44372.json index 60cad90b6af..fd04dc07cc6 100644 --- a/2021/44xxx/CVE-2021-44372.json +++ b/2021/44xxx/CVE-2021-44372.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44372", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44373.json b/2021/44xxx/CVE-2021-44373.json index 469ceba1573..360997c9f13 100644 --- a/2021/44xxx/CVE-2021-44373.json +++ b/2021/44xxx/CVE-2021-44373.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44374.json b/2021/44xxx/CVE-2021-44374.json index 3aefdf44d85..e3e80fb6bab 100644 --- a/2021/44xxx/CVE-2021-44374.json +++ b/2021/44xxx/CVE-2021-44374.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44376.json b/2021/44xxx/CVE-2021-44376.json index dc8e4fdd222..a4482442f9b 100644 --- a/2021/44xxx/CVE-2021-44376.json +++ b/2021/44xxx/CVE-2021-44376.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44377.json b/2021/44xxx/CVE-2021-44377.json index 4b94e216327..7a700981f1a 100644 --- a/2021/44xxx/CVE-2021-44377.json +++ b/2021/44xxx/CVE-2021-44377.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44378.json b/2021/44xxx/CVE-2021-44378.json index 09d13cd2242..89e017686b2 100644 --- a/2021/44xxx/CVE-2021-44378.json +++ b/2021/44xxx/CVE-2021-44378.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44379.json b/2021/44xxx/CVE-2021-44379.json index 26b9cbae535..55cabd9832e 100644 --- a/2021/44xxx/CVE-2021-44379.json +++ b/2021/44xxx/CVE-2021-44379.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44379", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44380.json b/2021/44xxx/CVE-2021-44380.json index d61422e4799..362036adbd5 100644 --- a/2021/44xxx/CVE-2021-44380.json +++ b/2021/44xxx/CVE-2021-44380.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetTime param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44381.json b/2021/44xxx/CVE-2021-44381.json index 01add5d0d97..2148b08dd58 100644 --- a/2021/44xxx/CVE-2021-44381.json +++ b/2021/44xxx/CVE-2021-44381.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44382.json b/2021/44xxx/CVE-2021-44382.json index 41b51a288b9..5d3af7e3183 100644 --- a/2021/44xxx/CVE-2021-44382.json +++ b/2021/44xxx/CVE-2021-44382.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44383.json b/2021/44xxx/CVE-2021-44383.json index 17c09a4743d..d743b9beed5 100644 --- a/2021/44xxx/CVE-2021-44383.json +++ b/2021/44xxx/CVE-2021-44383.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44383", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetAutoUpgrade param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44384.json b/2021/44xxx/CVE-2021-44384.json index 381bfce493b..7c75f00e8cc 100644 --- a/2021/44xxx/CVE-2021-44384.json +++ b/2021/44xxx/CVE-2021-44384.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44385.json b/2021/44xxx/CVE-2021-44385.json index a1d08758bc0..b9bf00b3df0 100644 --- a/2021/44xxx/CVE-2021-44385.json +++ b/2021/44xxx/CVE-2021-44385.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44386.json b/2021/44xxx/CVE-2021-44386.json index 1aa99599aa5..33a91728117 100644 --- a/2021/44xxx/CVE-2021-44386.json +++ b/2021/44xxx/CVE-2021-44386.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44387.json b/2021/44xxx/CVE-2021-44387.json index 371b35cdf2c..821bd9d1690 100644 --- a/2021/44xxx/CVE-2021-44387.json +++ b/2021/44xxx/CVE-2021-44387.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44388.json b/2021/44xxx/CVE-2021-44388.json index a1e60706995..95289c22397 100644 --- a/2021/44xxx/CVE-2021-44388.json +++ b/2021/44xxx/CVE-2021-44388.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44389.json b/2021/44xxx/CVE-2021-44389.json index a09d50766d6..c6a1dbfbab4 100644 --- a/2021/44xxx/CVE-2021-44389.json +++ b/2021/44xxx/CVE-2021-44389.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44390.json b/2021/44xxx/CVE-2021-44390.json index 5fe376fa9ef..68ef77beec0 100644 --- a/2021/44xxx/CVE-2021-44390.json +++ b/2021/44xxx/CVE-2021-44390.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Format param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44391.json b/2021/44xxx/CVE-2021-44391.json index 21eb3aa6706..4c13da9501c 100644 --- a/2021/44xxx/CVE-2021-44391.json +++ b/2021/44xxx/CVE-2021-44391.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetEnc param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44392.json b/2021/44xxx/CVE-2021-44392.json index 905883e5e0b..01c7e5eaf27 100644 --- a/2021/44xxx/CVE-2021-44392.json +++ b/2021/44xxx/CVE-2021-44392.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44393.json b/2021/44xxx/CVE-2021-44393.json index 64a1ac5386a..9a7af274265 100644 --- a/2021/44xxx/CVE-2021-44393.json +++ b/2021/44xxx/CVE-2021-44393.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44395.json b/2021/44xxx/CVE-2021-44395.json index e46116e2b2c..836076d16bd 100644 --- a/2021/44xxx/CVE-2021-44395.json +++ b/2021/44xxx/CVE-2021-44395.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44396.json b/2021/44xxx/CVE-2021-44396.json index 60e41c6c82d..aff8ed81cfd 100644 --- a/2021/44xxx/CVE-2021-44396.json +++ b/2021/44xxx/CVE-2021-44396.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44397.json b/2021/44xxx/CVE-2021-44397.json index d053d4dcb81..2322a612dd7 100644 --- a/2021/44xxx/CVE-2021-44397.json +++ b/2021/44xxx/CVE-2021-44397.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=start param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44398.json b/2021/44xxx/CVE-2021-44398.json index 938fb383434..165ba3e680b 100644 --- a/2021/44xxx/CVE-2021-44398.json +++ b/2021/44xxx/CVE-2021-44398.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. rtmp=stop param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44399.json b/2021/44xxx/CVE-2021-44399.json index d45fb1705bc..3d25cc4d3be 100644 --- a/2021/44xxx/CVE-2021-44399.json +++ b/2021/44xxx/CVE-2021-44399.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44400.json b/2021/44xxx/CVE-2021-44400.json index 9d36cf990d7..44f26e29d8e 100644 --- a/2021/44xxx/CVE-2021-44400.json +++ b/2021/44xxx/CVE-2021-44400.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44401.json b/2021/44xxx/CVE-2021-44401.json index 684d4e7348d..4a1539fc182 100644 --- a/2021/44xxx/CVE-2021-44401.json +++ b/2021/44xxx/CVE-2021-44401.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44402.json b/2021/44xxx/CVE-2021-44402.json index 1da09496276..d0d23399376 100644 --- a/2021/44xxx/CVE-2021-44402.json +++ b/2021/44xxx/CVE-2021-44402.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44403.json b/2021/44xxx/CVE-2021-44403.json index 632eb4dac43..e9a36b17035 100644 --- a/2021/44xxx/CVE-2021-44403.json +++ b/2021/44xxx/CVE-2021-44403.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44404.json b/2021/44xxx/CVE-2021-44404.json index d0d000cb1cd..92a05f8c7d7 100644 --- a/2021/44xxx/CVE-2021-44404.json +++ b/2021/44xxx/CVE-2021-44404.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44405.json b/2021/44xxx/CVE-2021-44405.json index 9286c51ee57..6a41419d85f 100644 --- a/2021/44xxx/CVE-2021-44405.json +++ b/2021/44xxx/CVE-2021-44405.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. StartZoomFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44406.json b/2021/44xxx/CVE-2021-44406.json index 1f9457dae04..a819d88f678 100644 --- a/2021/44xxx/CVE-2021-44406.json +++ b/2021/44xxx/CVE-2021-44406.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAutoFocus param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44407.json b/2021/44xxx/CVE-2021-44407.json index fd56c46222b..40a5a671a6f 100644 --- a/2021/44xxx/CVE-2021-44407.json +++ b/2021/44xxx/CVE-2021-44407.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44407", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestEmail param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44408.json b/2021/44xxx/CVE-2021-44408.json index 924c7eace94..63266360369 100644 --- a/2021/44xxx/CVE-2021-44408.json +++ b/2021/44xxx/CVE-2021-44408.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44409.json b/2021/44xxx/CVE-2021-44409.json index ac6b4c60733..15046f37c72 100644 --- a/2021/44xxx/CVE-2021-44409.json +++ b/2021/44xxx/CVE-2021-44409.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. TestWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44410.json b/2021/44xxx/CVE-2021-44410.json index ecef8c41d50..e9f5bec3cf1 100644 --- a/2021/44xxx/CVE-2021-44410.json +++ b/2021/44xxx/CVE-2021-44410.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44411.json b/2021/44xxx/CVE-2021-44411.json index c285c913528..e9456837752 100644 --- a/2021/44xxx/CVE-2021-44411.json +++ b/2021/44xxx/CVE-2021-44411.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44412.json b/2021/44xxx/CVE-2021-44412.json index 85d545d49c6..b0ffdb8abcb 100644 --- a/2021/44xxx/CVE-2021-44412.json +++ b/2021/44xxx/CVE-2021-44412.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44413.json b/2021/44xxx/CVE-2021-44413.json index bd90b71c98d..e21584c2a88 100644 --- a/2021/44xxx/CVE-2021-44413.json +++ b/2021/44xxx/CVE-2021-44413.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44414.json b/2021/44xxx/CVE-2021-44414.json index a979c2725a0..2901e290bac 100644 --- a/2021/44xxx/CVE-2021-44414.json +++ b/2021/44xxx/CVE-2021-44414.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44415.json b/2021/44xxx/CVE-2021-44415.json index 59b7a4dbf67..d0adf9e2d20 100644 --- a/2021/44xxx/CVE-2021-44415.json +++ b/2021/44xxx/CVE-2021-44415.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44416.json b/2021/44xxx/CVE-2021-44416.json index 727c09378ac..99d52393eb6 100644 --- a/2021/44xxx/CVE-2021-44416.json +++ b/2021/44xxx/CVE-2021-44416.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Disconnect param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44417.json b/2021/44xxx/CVE-2021-44417.json index 8bea01c55fc..c226ba708b0 100644 --- a/2021/44xxx/CVE-2021-44417.json +++ b/2021/44xxx/CVE-2021-44417.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44418.json b/2021/44xxx/CVE-2021-44418.json index b47073ebc27..6edaf85fb51 100644 --- a/2021/44xxx/CVE-2021-44418.json +++ b/2021/44xxx/CVE-2021-44418.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44418", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/44xxx/CVE-2021-44419.json b/2021/44xxx/CVE-2021-44419.json index 950ae66da10..e46ac102f7c 100644 --- a/2021/44xxx/CVE-2021-44419.json +++ b/2021/44xxx/CVE-2021-44419.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-44419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Reolink", + "version": { + "version_data": [ + { + "version_value": "reolink RLC-410W v3.0.0.136_20121102" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1421" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/46xxx/CVE-2021-46444.json b/2021/46xxx/CVE-2021-46444.json index 3fa54b67ede..13d60dc16c6 100644 --- a/2021/46xxx/CVE-2021-46444.json +++ b/2021/46xxx/CVE-2021-46444.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46444", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46444", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hhg-multistore.com/", + "refsource": "MISC", + "name": "https://www.hhg-multistore.com/" + }, + { + "url": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md", + "refsource": "MISC", + "name": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md" } ] } diff --git a/2021/46xxx/CVE-2021-46445.json b/2021/46xxx/CVE-2021-46445.json index c65318fdb6f..f1b53654891 100644 --- a/2021/46xxx/CVE-2021-46445.json +++ b/2021/46xxx/CVE-2021-46445.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46445", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46445", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hhg-multistore.com/", + "refsource": "MISC", + "name": "https://www.hhg-multistore.com/" + }, + { + "url": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md", + "refsource": "MISC", + "name": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md" } ] } diff --git a/2021/46xxx/CVE-2021-46446.json b/2021/46xxx/CVE-2021-46446.json index 3de9e6b33b8..1e714eedfb3 100644 --- a/2021/46xxx/CVE-2021-46446.json +++ b/2021/46xxx/CVE-2021-46446.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46446", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46446", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hhg-multistore.com/", + "refsource": "MISC", + "name": "https://www.hhg-multistore.com/" + }, + { + "url": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md", + "refsource": "MISC", + "name": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md" } ] } diff --git a/2021/46xxx/CVE-2021-46447.json b/2021/46xxx/CVE-2021-46447.json index 973ce458902..97483e961b8 100644 --- a/2021/46xxx/CVE-2021-46447.json +++ b/2021/46xxx/CVE-2021-46447.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46447", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46447", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hhg-multistore.com/", + "refsource": "MISC", + "name": "https://www.hhg-multistore.com/" + }, + { + "url": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md", + "refsource": "MISC", + "name": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md" } ] } diff --git a/2021/46xxx/CVE-2021-46448.json b/2021/46xxx/CVE-2021-46448.json index d99b88a52be..17507062b2b 100644 --- a/2021/46xxx/CVE-2021-46448.json +++ b/2021/46xxx/CVE-2021-46448.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-46448", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-46448", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hhg-multistore.com/", + "refsource": "MISC", + "name": "https://www.hhg-multistore.com/" + }, + { + "url": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md", + "refsource": "MISC", + "name": "https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md" } ] } diff --git a/2022/0xxx/CVE-2022-0407.json b/2022/0xxx/CVE-2022-0407.json new file mode 100644 index 00000000000..c0cc49abaaa --- /dev/null +++ b/2022/0xxx/CVE-2022-0407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-0407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file