From 4ad8b405ff7fc84c0e3c765cb8a1c6c7f68758f1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 29 Jul 2024 05:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/7xxx/CVE-2024-7183.json | 100 +++++++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7184.json | 100 +++++++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7204.json | 18 +++++++ 3 files changed, 210 insertions(+), 8 deletions(-) create mode 100644 2024/7xxx/CVE-2024-7204.json diff --git a/2024/7xxx/CVE-2024-7183.json b/2024/7xxx/CVE-2024-7183.json index 223b38c5211..553e291b7f1 100644 --- a/2024/7xxx/CVE-2024-7183.json +++ b/2024/7xxx/CVE-2024-7183.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setUploadSetting der Datei /cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TOTOLINK", + "product": { + "product_data": [ + { + "product_name": "A3600R", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.1.2cu.5182_B20201102" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272604", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272604" + }, + { + "url": "https://vuldb.com/?ctiid.272604", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272604" + }, + { + "url": "https://vuldb.com/?submit.378052", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.378052" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/7xxx/CVE-2024-7184.json b/2024/7xxx/CVE-2024-7184.json index 749fc60e1aa..3be83b8a698 100644 --- a/2024/7xxx/CVE-2024-7184.json +++ b/2024/7xxx/CVE-2024-7184.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In TOTOLINK A3600R 4.1.2cu.5182_B20201102 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setUrlFilterRules der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TOTOLINK", + "product": { + "product_data": [ + { + "product_name": "A3600R", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.1.2cu.5182_B20201102" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272605", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272605" + }, + { + "url": "https://vuldb.com/?ctiid.272605", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272605" + }, + { + "url": "https://vuldb.com/?submit.378053", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.378053" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/7xxx/CVE-2024-7204.json b/2024/7xxx/CVE-2024-7204.json new file mode 100644 index 00000000000..a6931cdf95d --- /dev/null +++ b/2024/7xxx/CVE-2024-7204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file