admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3913

Browse Source 
Auto-merge PR#3913
This commit is contained in:
CVE Team 2022-01-03 05:10:28 -05:00 committed by GitHub
commit 359991e395
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 246 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
2021/44xxx/CVE-2021-44158.json
View File

@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-01-03T08:18:00.000Z",
"ID": "CVE-2021-44158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ASUS RT-AX56U Router - Stack-based buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AX56U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0.4.386.44266"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5431-d23be-1.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "ASUS RT-AX56U firmware update version to 3.0.0.4.386.45898"
}
],
"source": {
"advisory": "TVN-202112001",
"discovery": "EXTERNAL"
}
}

88
2021/45xxx/CVE-2021-45916.json
View File

@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-12-30T08:40:00.000Z",
"ID": "CVE-2021-45916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SUN & MOON RISE CO., LTD. Shockwall - Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shockwall",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.20.0401"
}
]
}
}
]
},
"vendor_name": "SUN & MOON RISE CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5432-b9074-1.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Contact tech support from SUN & MOON RISE CO., LTD."
}
],
"source": {
"advisory": "TVN-202109020",
"discovery": "EXTERNAL"
}
}

88
2021/45xxx/CVE-2021-45917.json
View File

@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-12-30T08:40:00.000Z",
"ID": "CVE-2021-45917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SUN & MOON RISE CO., LTD. Shockwall - Improper Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shockwall",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.20.0401"
}
]
}
}
]
},
"vendor_name": "SUN & MOON RISE CO., LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-5433-77f6f-1.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Contact tech support from SUN & MOON RISE CO., LTD."
}
],
"source": {
"advisory": "TVN-202109021",
"discovery": "EXTERNAL"
}
}