From 11893e32339816aaa762f536de6f1cc9945148e9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 28 Dec 2021 11:01:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/35xxx/CVE-2021-35031.json | 70 +++++++++++++++++++++++++++++++++- 2021/35xxx/CVE-2021-35032.json | 70 +++++++++++++++++++++++++++++++++- 2 files changed, 138 insertions(+), 2 deletions(-) diff --git a/2021/35xxx/CVE-2021-35031.json b/2021/35xxx/CVE-2021-35031.json index 6b93d36fb85..4ea82194074 100644 --- a/2021/35xxx/CVE-2021-35031.json +++ b/2021/35xxx/CVE-2021-35031.json @@ -1 +1,69 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35031"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"GS1900 series firmware","version":{"version_data":[{"version_value":"2.60"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"}]},"impact":{"cvss":{"baseScore":"6.8","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in the TFTP client of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated LAN user to execute arbitrary OS commands."}]}} +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2021-35031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "GS1900 series firmware", + "version": { + "version_data": [ + { + "version_value": "2.60" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml", + "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the TFTP client of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated LAN user to execute arbitrary OS commands." + } + ] + } +} \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35032.json b/2021/35xxx/CVE-2021-35032.json index 9499cd0080b..a3752987b86 100644 --- a/2021/35xxx/CVE-2021-35032.json +++ b/2021/35xxx/CVE-2021-35032.json @@ -1 +1,69 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35032"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"GS1900 series firmware","version":{"version_data":[{"version_value":"2.60"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml"}]},"impact":{"cvss":{"baseScore":"6.4","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call."}]}} +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2021-35032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "GS1900 series firmware", + "version": { + "version_data": [ + { + "version_value": "2.60" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml", + "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.4", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call." + } + ] + } +} \ No newline at end of file