From 723d6b7347c12882ba61ff471572c699419e7a1f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 28 Jul 2024 23:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/7xxx/CVE-2024-7171.json | 100 +++++++++++++++++++++++++++++++++-- 1 file changed, 96 insertions(+), 4 deletions(-) diff --git a/2024/7xxx/CVE-2024-7171.json b/2024/7xxx/CVE-2024-7171.json index 8b60494a18f..4c59c4e6dc9 100644 --- a/2024/7xxx/CVE-2024-7171.json +++ b/2024/7xxx/CVE-2024-7171.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in TOTOLINK A3600R 4.1.2cu.5182_B20201102 entdeckt. Es geht dabei um die Funktion NTPSyncWithHost der Datei /cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments hostTime mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TOTOLINK", + "product": { + "product_data": [ + { + "product_name": "A3600R", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.1.2cu.5182_B20201102" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272592", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272592" + }, + { + "url": "https://vuldb.com/?ctiid.272592", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272592" + }, + { + "url": "https://vuldb.com/?submit.378038", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.378038" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_mie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }