From 544bdae85a4275c1b1d87b807e118062ea6474df Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 4 Apr 2025 03:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/24xxx/CVE-2025-24310.json | 69 ++++++++++++++++- 2025/24xxx/CVE-2025-24317.json | 85 ++++++++++++++++++++- 2025/25xxx/CVE-2025-25061.json | 85 ++++++++++++++++++++- 2025/26xxx/CVE-2025-26401.json | 69 ++++++++++++++++- 2025/3xxx/CVE-2025-3199.json | 133 ++++++++++++++++++++++++++++++++- 2025/3xxx/CVE-2025-3202.json | 124 +++++++++++++++++++++++++++++- 2025/3xxx/CVE-2025-3203.json | 114 +++++++++++++++++++++++++++- 7 files changed, 651 insertions(+), 28 deletions(-) diff --git a/2025/24xxx/CVE-2025-24310.json b/2025/24xxx/CVE-2025-24310.json index 7488a96c2c5..7f1c3aa0762 100644 --- a/2025/24xxx/CVE-2025-24310.json +++ b/2025/24xxx/CVE-2025-24310.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper restriction of rendered UI layers or frames", + "cweId": "CWE-1021" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JTEKT ELECTRONICS CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HMI ViewJet C-more series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/" + }, + { + "url": "https://jvn.jp/en/jp/JVN17260367/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN17260367/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "MEDIUM", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ] } diff --git a/2025/24xxx/CVE-2025-24317.json b/2025/24xxx/CVE-2025-24317.json index b8fd849eb04..0ede1705e74 100644 --- a/2025/24xxx/CVE-2025-24317.json +++ b/2025/24xxx/CVE-2025-24317.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-24317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allocation of resources without limits or throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JTEKT ELECTRONICS CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HMI ViewJet C-more series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "HMI GC-A2 series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/" + }, + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/" + }, + { + "url": "https://jvn.jp/en/jp/JVN17260367/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN17260367/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ] } diff --git a/2025/25xxx/CVE-2025-25061.json b/2025/25xxx/CVE-2025-25061.json index ae64e592f31..51ae40ba174 100644 --- a/2025/25xxx/CVE-2025-25061.json +++ b/2025/25xxx/CVE-2025-25061.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unintended proxy or intermediary ('Confused Deputy')", + "cweId": "CWE-441" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JTEKT ELECTRONICS CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HMI ViewJet C-more series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "HMI GC-A2 series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/" + }, + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/" + }, + { + "url": "https://jvn.jp/en/jp/JVN17260367/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN17260367/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "MEDIUM", + "baseScore": 5.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ] } diff --git a/2025/26xxx/CVE-2025-26401.json b/2025/26xxx/CVE-2025-26401.json index 42ed30aa3b8..e7d39b4feb8 100644 --- a/2025/26xxx/CVE-2025-26401.json +++ b/2025/26xxx/CVE-2025-26401.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak encoding for password", + "cweId": "CWE-261" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JTEKT ELECTRONICS CORPORATION", + "product": { + "product_data": [ + { + "product_name": "HMI ViewJet C-more series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/", + "refsource": "MISC", + "name": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/" + }, + { + "url": "https://jvn.jp/en/jp/JVN17260367/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN17260367/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseSeverity": "MEDIUM", + "baseScore": 6.5, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ] } diff --git a/2025/3xxx/CVE-2025-3199.json b/2025/3xxx/CVE-2025-3199.json index 9e97fe6b531..48dd2ca0a5e 100644 --- a/2025/3xxx/CVE-2025-3199.json +++ b/2025/3xxx/CVE-2025-3199.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of the component API Interface. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.2 is able to address this issue. The name of the patch is c0daf641fb25b244591b7a6c3affa35c69d321fe. It is recommended to upgrade the affected component." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in ageerle ruoyi-ai bis 2.0.1 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java der Komponente API Interface. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.0.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c0daf641fb25b244591b7a6c3affa35c69d321fe bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization", + "cweId": "CWE-285" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ageerle", + "product": { + "product_data": [ + { + "product_name": "ruoyi-ai", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303152", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303152" + }, + { + "url": "https://vuldb.com/?ctiid.303152", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303152" + }, + { + "url": "https://vuldb.com/?submit.545830", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.545830" + }, + { + "url": "https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_01.md", + "refsource": "MISC", + "name": "https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_01.md" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/issues/43#issuecomment-2763091490", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/issues/43#issuecomment-2763091490" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/issues/43", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/issues/43" + }, + { + "url": "https://github.com/gwozai/ruoyi-ai/commit/c0daf641fb25b244591b7a6c3affa35c69d321fe", + "refsource": "MISC", + "name": "https://github.com/gwozai/ruoyi-ai/commit/c0daf641fb25b244591b7a6c3affa35c69d321fe" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.2", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.2" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3202.json b/2025/3xxx/CVE-2025-3202.json index c022698183e..550b6731f20 100644 --- a/2025/3xxx/CVE-2025-3202.json +++ b/2025/3xxx/CVE-2025-3202.json @@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 6382e177bf90cc56ff70521842409e35c50df32d. It is recommended to upgrade the affected component." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in ageerle ruoyi-ai bis 2.0.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. Durch das Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6382e177bf90cc56ff70521842409e35c50df32d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization", + "cweId": "CWE-285" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ageerle", + "product": { + "product_data": [ + { + "product_name": "ruoyi-ai", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303156", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303156" + }, + { + "url": "https://vuldb.com/?ctiid.303156", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303156" + }, + { + "url": "https://vuldb.com/?submit.545866", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.545866" + }, + { + "url": "https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_02.md", + "refsource": "MISC", + "name": "https://github.com/Tr0e/CVE_Hunter/blob/main/ruoyi-ai/ruoyi-ai_UnauthorizedAccess_02.md" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/issues/44#issue-2957771318", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/issues/44#issue-2957771318" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/commit/6382e177bf90cc56ff70521842409e35c50df32d", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/commit/6382e177bf90cc56ff70521842409e35c50df32d" + }, + { + "url": "https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.1", + "refsource": "MISC", + "name": "https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3203.json b/2025/3xxx/CVE-2025-3203.json index 1bc572f9666..9ca80776881 100644 --- a/2025/3xxx/CVE-2025-3203.json +++ b/2025/3xxx/CVE-2025-3203.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tenda W18E 16.01.0.11 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion formSetAccountList der Datei /goform/setModules. Durch Manipulieren des Arguments Password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "W18E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.01.0.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303157", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303157" + }, + { + "url": "https://vuldb.com/?ctiid.303157", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303157" + }, + { + "url": "https://vuldb.com/?submit.545883", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.545883" + }, + { + "url": "https://github.com/ZIKH26/tmp_store_reports/blob/main/tenda-w18e.md", + "refsource": "MISC", + "name": "https://github.com/ZIKH26/tmp_store_reports/blob/main/tenda-w18e.md" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "ZIKH26 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ] }