diff --git a/2022/28xxx/CVE-2022-28369.json b/2022/28xxx/CVE-2022-28369.json index 93c1fea0886..6672ffdedaf 100644 --- a/2022/28xxx/CVE-2022-28369.json +++ b/2022/28xxx/CVE-2022-28369.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28369", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28369", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28370.json b/2022/28xxx/CVE-2022-28370.json index 9e51998f8da..79996a7e348 100644 --- a/2022/28xxx/CVE-2022-28370.json +++ b/2022/28xxx/CVE-2022-28370.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28370", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28370", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed firmware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28371.json b/2022/28xxx/CVE-2022-28371.json index 4453c8eb619..6f68ab08fde 100644 --- a/2022/28xxx/CVE-2022-28371.json +++ b/2022/28xxx/CVE-2022-28371.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28371", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28371", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28372.json b/2022/28xxx/CVE-2022-28372.json index dc12640bdee..102b039a30d 100644 --- a/2022/28xxx/CVE-2022-28372.json +++ b/2022/28xxx/CVE-2022-28372.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28372", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28372", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28373.json b/2022/28xxx/CVE-2022-28373.json index 79fc358e20a..1846f7964bc 100644 --- a/2022/28xxx/CVE-2022-28373.json +++ b/2022/28xxx/CVE-2022-28373.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28373", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28373", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28374.json b/2022/28xxx/CVE-2022-28374.json index 953af655a69..ab66fd44414 100644 --- a/2022/28xxx/CVE-2022-28374.json +++ b/2022/28xxx/CVE-2022-28374.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28374", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28374", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28375.json b/2022/28xxx/CVE-2022-28375.json index a26779adfc5..af529fe2786 100644 --- a/2022/28xxx/CVE-2022-28375.json +++ b/2022/28xxx/CVE-2022-28375.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28375", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28375", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28376.json b/2022/28xxx/CVE-2022-28376.json index d51be8b9d16..6689af9600c 100644 --- a/2022/28xxx/CVE-2022-28376.json +++ b/2022/28xxx/CVE-2022-28376.json @@ -56,6 +56,11 @@ "url": "https://www.reddit.com/r/verizon/comments/sstq4c/5g_home_internet_dropping_out/hx3ir0s/", "refsource": "MISC", "name": "https://www.reddit.com/r/verizon/comments/sstq4c/5g_home_internet_dropping_out/hx3ir0s/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/28xxx/CVE-2022-28377.json b/2022/28xxx/CVE-2022-28377.json index 608a3bddd08..b4cd8733818 100644 --- a/2022/28xxx/CVE-2022-28377.json +++ b/2022/28xxx/CVE-2022-28377.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-28377", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-28377", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.verizon.com/info/reportsecurityvulnerability/", + "refsource": "MISC", + "name": "https://www.verizon.com/info/reportsecurityvulnerability/" + }, + { + "refsource": "MISC", + "name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", + "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md" } ] } diff --git a/2022/2xxx/CVE-2022-2396.json b/2022/2xxx/CVE-2022-2396.json index db581f2fafb..9a9c459a8fa 100644 --- a/2022/2xxx/CVE-2022-2396.json +++ b/2022/2xxx/CVE-2022-2396.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file \/vcs\/claire_blake. The manipulation of the argument Bio with the input \"> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." } ] }, @@ -57,16 +57,20 @@ "cvss": { "version": "3.1", "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" } }, "references": { "reference_data": [ { - "url": "https:\/\/github.com\/CyberThoth\/CVE\/blob\/83c243538386cd0761025f85eb747eab7cae5c21\/CVE\/Simple%20e-Learning%20System\/Cross%20Site%20Scripting(Stored)\/POC.md" + "url": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting(Stored)/POC.md", + "refsource": "MISC", + "name": "https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting(Stored)/POC.md" }, { - "url": "https:\/\/vuldb.com\/?id.203779" + "url": "https://vuldb.com/?id.203779", + "refsource": "MISC", + "name": "https://vuldb.com/?id.203779" } ] } diff --git a/2022/30xxx/CVE-2022-30113.json b/2022/30xxx/CVE-2022-30113.json index b15fb80ea13..362d06e7531 100644 --- a/2022/30xxx/CVE-2022-30113.json +++ b/2022/30xxx/CVE-2022-30113.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-30113", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-30113", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fahuo100.cn", + "refsource": "MISC", + "name": "https://www.fahuo100.cn" + }, + { + "refsource": "MISC", + "name": "https://www.yuque.com/docs/share/7a99158f-9077-4b37-939d-8ffecff27357", + "url": "https://www.yuque.com/docs/share/7a99158f-9077-4b37-939d-8ffecff27357" } ] } diff --git a/2022/32xxx/CVE-2022-32295.json b/2022/32xxx/CVE-2022-32295.json index 0ceb9f30b3f..76b278e5ee5 100644 --- a/2022/32xxx/CVE-2022-32295.json +++ b/2022/32xxx/CVE-2022-32295.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html", "url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html" + }, + { + "refsource": "MISC", + "name": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html", + "url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html" } ] }