From 5cff3ac247aa27b9eeafdf6747f9367424528da6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 2 Dec 2024 23:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/9xxx/CVE-2018-9435.json | 91 +++++++++++++++++++++++++++++++--- 2024/12xxx/CVE-2024-12076.json | 18 +++++++ 2024/53xxx/CVE-2024-53375.json | 61 ++++++++++++++++++++--- 2024/53xxx/CVE-2024-53937.json | 61 ++++++++++++++++++++--- 2024/53xxx/CVE-2024-53938.json | 61 ++++++++++++++++++++--- 2024/53xxx/CVE-2024-53939.json | 66 +++++++++++++++++++++--- 2024/53xxx/CVE-2024-53940.json | 56 ++++++++++++++++++--- 2024/53xxx/CVE-2024-53941.json | 61 ++++++++++++++++++++--- 8 files changed, 431 insertions(+), 44 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12076.json diff --git a/2018/9xxx/CVE-2018-9435.json b/2018/9xxx/CVE-2018-9435.json index f41a208a84e..8e5d40fb8e2 100644 --- a/2018/9xxx/CVE-2018-9435.json +++ b/2018/9xxx/CVE-2018-9435.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9435", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9435", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound\u00a0read due to a missing bounds check. This could lead to local information\u00a0disclosure with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01", + "refsource": "MISC", + "name": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12076.json b/2024/12xxx/CVE-2024-12076.json new file mode 100644 index 00000000000..c0dbc55ac26 --- /dev/null +++ b/2024/12xxx/CVE-2024-12076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53375.json b/2024/53xxx/CVE-2024-53375.json index 2d3951c8c08..7a021219a80 100644 --- a/2024/53xxx/CVE-2024-53375.json +++ b/2024/53xxx/CVE-2024-53375.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the \"tmp_get_sites\" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ThottySploity/CVE-2024-53375", + "url": "https://github.com/ThottySploity/CVE-2024-53375" + }, + { + "refsource": "MISC", + "name": "https://thottysploity.github.io/posts/cve-2024-53375/", + "url": "https://thottysploity.github.io/posts/cve-2024-53375/" } ] } diff --git a/2024/53xxx/CVE-2024-53937.json b/2024/53xxx/CVE-2024-53937.json index ff1e0b3334f..caa237d3f50 100644 --- a/2024/53xxx/CVE-2024-53937.json +++ b/2024/53xxx/CVE-2024-53937.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53937", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53937", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf", + "url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53937.txt", + "url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53937.txt" } ] } diff --git a/2024/53xxx/CVE-2024-53938.json b/2024/53xxx/CVE-2024-53938.json index dac6eea2d7e..b958c9372b7 100644 --- a/2024/53xxx/CVE-2024-53938.json +++ b/2024/53xxx/CVE-2024-53938.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53938", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53938", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf", + "url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53938.txt", + "url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53938.txt" } ] } diff --git a/2024/53xxx/CVE-2024-53939.json b/2024/53xxx/CVE-2024-53939.json index 5ec2b0186f8..cccc78a9f86 100644 --- a/2024/53xxx/CVE-2024-53939.json +++ b/2024/53xxx/CVE-2024-53939.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53939", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53939", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53939.txt", + "url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53939.txt" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf", + "url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/RX1800-EN_V1.0.0_r12_110933-CMD-INJ-WIFI-SHELL.gif", + "url": "https://github.com/actuator/cve/blob/main/Victure/RX1800-EN_V1.0.0_r12_110933-CMD-INJ-WIFI-SHELL.gif" } ] } diff --git a/2024/53xxx/CVE-2024-53940.json b/2024/53xxx/CVE-2024-53940.json index 4be38f7c4a3..f2328a00ee8 100644 --- a/2024/53xxx/CVE-2024-53940.json +++ b/2024/53xxx/CVE-2024-53940.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53940", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53940", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53940.txt", + "url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53940.txt" } ] } diff --git a/2024/53xxx/CVE-2024-53941.json b/2024/53xxx/CVE-2024-53941.json index 672cc3c3f8d..91f07607fa7 100644 --- a/2024/53xxx/CVE-2024-53941.json +++ b/2024/53xxx/CVE-2024-53941.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53941", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53941", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf", + "url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53941.txt", + "url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53941.txt" } ] }