From 619916392196345fc74e19e7e27f6af3aece091d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 22 Nov 2022 17:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/39xxx/CVE-2022-39066.json | 50 ++++++++++++++++++++++++++++++++-- 2022/39xxx/CVE-2022-39067.json | 50 ++++++++++++++++++++++++++++++++-- 2022/39xxx/CVE-2022-39070.json | 50 ++++++++++++++++++++++++++++++++-- 3 files changed, 141 insertions(+), 9 deletions(-) diff --git a/2022/39xxx/CVE-2022-39066.json b/2022/39xxx/CVE-2022-39066.json index 3decfb5dd6f..3f2675f2c74 100644 --- a/2022/39xxx/CVE-2022-39066.json +++ b/2022/39xxx/CVE-2022-39066.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MF286R", + "version": { + "version_data": [ + { + "version_value": "Nordic_MF286R_B06" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027744" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection." } ] } diff --git a/2022/39xxx/CVE-2022-39067.json b/2022/39xxx/CVE-2022-39067.json index f3101adc537..73693cc5d1f 100644 --- a/2022/39xxx/CVE-2022-39067.json +++ b/2022/39xxx/CVE-2022-39067.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MF286R", + "version": { + "version_data": [ + { + "version_value": "Nordic_MF286R_B06" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027784", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027784" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack." } ] } diff --git a/2022/39xxx/CVE-2022-39070.json b/2022/39xxx/CVE-2022-39070.json index 1bfe7c9a44c..4314465ae27 100644 --- a/2022/39xxx/CVE-2022-39070.json +++ b/2022/39xxx/CVE-2022-39070.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39070", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ZXA10 C3XX", + "version": { + "version_data": [ + { + "version_value": "All versions up to V2.1.0 XGP002.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "access control vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation." } ] }