"-Synchronized-Data."

2025-05-07 03:02:46 +00:00 · 2024-01-08 04:00:37 +00:00 · 2024-01-08 04:00:37 +00:00 · 1c191514ce
commit 1c191514ce
parent eae294384a
2 changed files with 182 additions and 8 deletions
--- a/2024/0xxx/CVE-2024-0295.json
+++ b/2024/0xxx/CVE-2024-0295.json
@ -1,17 +1,104 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-0295",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine kritische Schwachstelle in Totolink LR1200GB 9.1.0u.6619_B20230130 gefunden. Hiervon betroffen ist die Funktion setWanCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments hostName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-78 OS Command Injection",
+                        "cweId": "CWE-78"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Totolink",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "LR1200GB",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "9.1.0u.6619_B20230130"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.249861",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.249861"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.249861",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.249861"
+            },
+            {
+                "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md",
+                "refsource": "MISC",
+                "name": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "jylsec (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 7.5,
+                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
            }
        ]
    }
--- a/2024/0xxx/CVE-2024-0296.json
+++ b/2024/0xxx/CVE-2024-0296.json
@ -1,17 +1,104 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-0296",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "In Totolink N200RE 9.3.5u.6139_B20201216 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion NTPSyncWithHost der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments host_time mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-78 OS Command Injection",
+                        "cweId": "CWE-78"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Totolink",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "N200RE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "9.3.5u.6139_B20201216"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.249862",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.249862"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.249862",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.249862"
+            },
+            {
+                "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md",
+                "refsource": "MISC",
+                "name": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "jylsec (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 7.5,
+                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
            }
        ]
    }