"-Synchronized-Data."

2025-07-30 18:04:30 +00:00 · 2024-08-05 01:00:35 +00:00 · 2024-08-05 01:00:35 +00:00 · 38da406925
commit 38da406925
parent 1a42193b27
2 changed files with 192 additions and 8 deletions
--- a/2024/7xxx/CVE-2024-7462.json
+++ b/2024/7xxx/CVE-2024-7462.json
@ -1,17 +1,109 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-7462",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine Schwachstelle in TOTOLINK N350RT 9.3.5u.6139_B20201216 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion setWizardCfg der Datei /cgi-bin/cstecgi.cgi. Durch das Manipulieren des Arguments ssid mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-120 Buffer Overflow",
+                        "cweId": "CWE-120"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "TOTOLINK",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "N350RT",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "9.3.5u.6139_B20201216"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.273555",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.273555"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.273555",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.273555"
+            },
+            {
+                "url": "https://vuldb.com/?submit.381325",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.381325"
+            },
+            {
+                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md",
+                "refsource": "MISC",
+                "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "yhryhryhr_tu (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 9,
+                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
            }
        ]
    }
--- a/2024/7xxx/CVE-2024-7463.json
+++ b/2024/7xxx/CVE-2024-7463.json
@ -1,17 +1,109 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-7463",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "In TOTOLINK CP900 6.3c.566 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments File mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-120 Buffer Overflow",
+                        "cweId": "CWE-120"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "TOTOLINK",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "CP900",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "6.3c.566"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.273556",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.273556"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.273556",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.273556"
+            },
+            {
+                "url": "https://vuldb.com/?submit.381333",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.381333"
+            },
+            {
+                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md",
+                "refsource": "MISC",
+                "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "yhryhryhr_tu (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 9,
+                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
            }
        ]
    }