diff --git a/2024/32xxx/CVE-2024-32631.json b/2024/32xxx/CVE-2024-32631.json
index 5a478de89b7..b3a4085d582 100644
--- a/2024/32xxx/CVE-2024-32631.json
+++ b/2024/32xxx/CVE-2024-32631.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32631",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@asrmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read",
+ "cweId": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ASR",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Falcon/Crane",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "CP01.057.067"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.asrmicro.com/en/goods/psirt?cid=38",
+ "refsource": "MISC",
+ "name": "https://www.asrmicro.com/en/goods/psirt?cid=38"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/32xxx/CVE-2024-32632.json b/2024/32xxx/CVE-2024-32632.json
index 63fa8d621fa..46f2db96822 100644
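Review bot: The new `description` value for CVE-2024-32631 names neither the affected product nor the fixed version, and the impact it states ("incorrect computations") does not account for the `availabilityImpact: HIGH` and `scope: CHANGED` in the vector further down. Feeds that show only the description lose the `Falcon/Crane` and `CP01.057.067` data held in `affects`. If ASR180X is the chipset behind those product lines, a value such as `"value": "Out-of-bounds read in ciCCIOTOPT in ASR180X (Falcon/Crane) before CP01.057.067 ..."`, completed with the concrete consequence, would make the record triageable on its own. The CVE-2024-32633 and CVE-2024-32634 hunks have the same gap: they describe a code pattern (an always-false comparison, dead code) without the resulting security effect that justifies their scores.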
--- a/2024/32xxx/CVE-2024-32632.json
+++ b/2024/32xxx/CVE-2024-32632.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32632",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@asrmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-686 Function Call with Incorrect Argument Type",
+ "cweId": "CWE-686"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ASR",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Falcon/Crane",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "CP01.057.067"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.asrmicro.com/en/goods/psirt?cid=38",
+ "refsource": "MISC",
+ "name": "https://www.asrmicro.com/en/goods/psirt?cid=38"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
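Review bot: The description says the printf mismatch can lead to "possibly out-of-bounds memory access", but the vector rates `confidentialityImpact` and `integrityImpact` as `NONE` and the only weakness listed is CWE-686. If the out-of-bounds access is a read whose contents reach the output, the confidentiality metric would presumably be at least `LOW`, and `vectorString`, `baseScore` and `baseSeverity` would need recomputing together. If it can only crash the device, the description should say so. A second `problemtype` entry for the memory-access weakness would also let CWE-based filters find this record.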
diff --git a/2024/32xxx/CVE-2024-32633.json b/2024/32xxx/CVE-2024-32633.json
index ed96c0b5b3e..23dd30fdc89 100644
--- a/2024/32xxx/CVE-2024-32633.json
+++ b/2024/32xxx/CVE-2024-32633.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32633",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@asrmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-570 Expression is Always False",
+ "cweId": "CWE-570"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ASR",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Falcon/Crane",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "CP01.057.067"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.asrmicro.com/en/goods/psirt?cid=38",
+ "refsource": "MISC",
+ "name": "https://www.asrmicro.com/en/goods/psirt?cid=38"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/32xxx/CVE-2024-32634.json b/2024/32xxx/CVE-2024-32634.json
index c2d329707e8..9b6d8d4d9f5 100644
--- a/2024/32xxx/CVE-2024-32634.json
+++ b/2024/32xxx/CVE-2024-32634.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32634",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@asrmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In huge memory get unmapped area check, code can never be reached because of a logical contradiction. "
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-561 Dead Code",
+ "cweId": "CWE-561"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ASR",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Falcon",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "CP01.057.067"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.asrmicro.com/en/goods/psirt?cid=38",
+ "refsource": "MISC",
+ "name": "https://www.asrmicro.com/en/goods/psirt?cid=38"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
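Review bot: The description string in the CVE-2024-32634 record ends with a stray space before the closing quote, which shows up as a difference against any normalised copy of the record. The clean form is `"value": "In huge memory get unmapped area check, code can never be reached because of a logical contradiction."`. `product_name` here is `"Falcon"` while the three sibling ASR records in this commit use `"Falcon/Crane"`; it is worth confirming that this is intended, since consumers match on the exact string.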
diff --git a/2024/3xxx/CVE-2024-3871.json b/2024/3xxx/CVE-2024-3871.json new file mode 100644 index 00000000000..91999e60ae4 --- /dev/null +++ b/2024/3xxx/CVE-2024-3871.json 
@@ -0,0 +1,121 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-3871", + "ASSIGNER": "research@onekey.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements two features\u00a0(access control lists management, WPS pin setup) that are affected by command injections and stack overflows vulnerabilities.\nSuccessful exploitation of these flaws would allow remote authenticated attackers to gain remote command execution with\u00a0elevated privileges on the affected devices.\n\nThis issue affects DVW-W02W2-E2 through version 2.5.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Deltra Electronics", + "product": { + "product_data": [ + { + "product_name": "DVW-W02W2-E2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://onekey.com/", + "refsource": "MISC", + "name": "https://onekey.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no workaround.
" + } + ], + "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no workaround.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no solution.
" + } + ], + "value": "Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no solution.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Quentin Kaiser from ONEKEY Research Labs" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3872.json b/2024/3xxx/CVE-2024-3872.json new file mode 100644 index 00000000000..38a6a518e46 --- /dev/null +++ b/2024/3xxx/CVE-2024-3872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
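Review bot: `vendor_name` in the CVE-2024-3871 record reads `"Deltra Electronics"` while the description says "Delta Electronics". Tools that key on the vendor string will not associate this record with the vendor's other entries, so the line should be `"vendor_name": "Delta Electronics",`. The description also reports stack overflows, but `problemtype` lists only CWE-77, so CWE-based filters will miss the memory-corruption part. The single reference is the reporter's home page (`https://onekey.com/`) rather than an advisory, which leaves defenders nothing to verify the affected-version claim against. The CVE-2024-3872 file added after it is a reserved placeholder and needs no comment.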