diff --git a/2024/10xxx/CVE-2024-10704.json b/2024/10xxx/CVE-2024-10704.json
index 958760abbbe..0c705fc3d12 100644
--- a/2024/10xxx/CVE-2024-10704.json
+++ b/2024/10xxx/CVE-2024-10704.json
@@ -1,18 +1,80 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10704",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Photo Gallery by 10Web",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.8.31"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10980.json b/2024/10xxx/CVE-2024-10980.json
index a34c1beec11..2737c607214 100644
--- a/2024/10xxx/CVE-2024-10980.json
+++ b/2024/10xxx/CVE-2024-10980.json
@@ -1,18 +1,80 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10980",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "5.10.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/915daad8-d14c-4457-a3a0-aa21744f4ae0/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/915daad8-d14c-4457-a3a0-aa21744f4ae0/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmitrii Ignatyev"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11980.json b/2024/11xxx/CVE-2024-11980.json
index 693ab2ad92e..e39b4233098 100644
--- a/2024/11xxx/CVE-2024-11980.json
+++ b/2024/11xxx/CVE-2024-11980.json
@@ -1,17 +1,183 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11980",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Billion Electric",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M100",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M150",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M120N",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M500",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202411025",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
"
+ }
+ ],
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/11xxx/CVE-2024-11981.json b/2024/11xxx/CVE-2024-11981.json
index fe8b42b8e03..2f5a1062211 100644
--- a/2024/11xxx/CVE-2024-11981.json
+++ b/2024/11xxx/CVE-2024-11981.json
@@ -1,17 +1,183 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11981",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
+ "cweId": "CWE-288"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Billion Electric",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M100",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M150",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M120N",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M500",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202411026",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
"
+ }
+ ],
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/11xxx/CVE-2024-11982.json b/2024/11xxx/CVE-2024-11982.json
index a6144d3e09d..25699427753 100644
--- a/2024/11xxx/CVE-2024-11982.json
+++ b/2024/11xxx/CVE-2024-11982.json
@@ -1,17 +1,183 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11982",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256 Plaintext Storage of a Password",
+ "cweId": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Billion Electric",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M100",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M150",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M120N",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M500",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202411027",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
"
+ }
+ ],
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/11xxx/CVE-2024-11983.json b/2024/11xxx/CVE-2024-11983.json
index 4a7186b32ad..0f60b937cd8 100644
--- a/2024/11xxx/CVE-2024-11983.json
+++ b/2024/11xxx/CVE-2024-11983.json
@@ -1,17 +1,183 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Billion Electric",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M100",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M150",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M120N",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "M500",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.592.*",
+ "version_value": "1.04.1.592.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.613.*",
+ "version_value": "1.04.1.613.13"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.04.1.*",
+ "version_value": "1.04.1.675"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202411028",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
"
+ }
+ ],
+ "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}