admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-27 19:00:38 +00:00
parent 42f5af9cd1
commit 8aec0b1d1c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 1160 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2022/39xxx/CVE-2022-39997.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-39997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat",
"refsource": "MISC",
"name": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat's%20Router%20Vulnerability.md",
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat's%20Router%20Vulnerability.md"
}
]
}

85
2024/1xxx/CVE-2024-1544.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "facts@wolfssl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Generating the ECDSA nonce k samples a random number r and then \ntruncates this randomness with a modular reduction mod n where n is the \norder of the elliptic curve. Meaning k = r mod n. The division used \nduring the reduction estimates a factor q_e by dividing the upper two \ndigits (a digit having e.g. a size of 8 byte) of r by the upper digit of \nn and then decrements q_e in a loop until it has the correct size. \nObserving the number of times q_e is decremented through a control-flow \nrevealing side-channel reveals a bias in the most significant bits of \nk. Depending on the curve this is either a negligible bias or a \nsignificant bias large enough to reconstruct k with lattice reduction \nmethods. For SECP160R1, e.g., we find a bias of 15 bits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wolfSSL",
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "5.6.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Florian Sieck, Luca Wilke and Thomas Eisenbarth from Universit\u00e4t zu L\u00fcbeck"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/45xxx/CVE-2024-45037.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer\u2019s AWS account. CDK contains pre-built components called \"constructs\" that are higher-level abstractions providing defaults and best practices. This approach enables developers to use familiar programming languages to define complex cloud infrastructure more efficiently than writing raw CloudFormation templates. We identified an issue in AWS Cloud Development Kit (CDK) which, under certain conditions, can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application uses the \"RestApi\" construct with \"CognitoUserPoolAuthorizer\" as the authorizer and uses authorization scopes to limit access. This issue does not affect the availability of the specific API resources. Authenticated Cognito users may gain unintended access to protected API resources or methods, leading to potential data disclosure, and modification issues. Impacted versions: >=2.142.0;<=2.148.0. A patch is included in CDK versions >=2.148.1. Users are advised to upgrade their AWS CDK version to 2.148.1 or newer and re-deploy their application(s) to address this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "aws",
"product": {
"product_data": [
{
"product_name": "aws-cdk",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.142.0, < 2.148.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-qj85-69xf-2vxq",
"refsource": "MISC",
"name": "https://github.com/aws/aws-cdk/security/advisories/GHSA-qj85-69xf-2vxq"
},
{
"url": "https://github.com/aws/aws-cdk/commit/4bee768f07e73ab5fe466f9ad3d1845456a0513b",
"refsource": "MISC",
"name": "https://github.com/aws/aws-cdk/commit/4bee768f07e73ab5fe466f9ad3d1845456a0513b"
},
{
"url": "https://docs.aws.amazon.com/cdk/v2/guide/home.html",
"refsource": "MISC",
"name": "https://docs.aws.amazon.com/cdk/v2/guide/home.html"
},
{
"url": "https://github.com/aws/aws-cdk/releases/tag/v2.148.1",
"refsource": "MISC",
"name": "https://github.com/aws/aws-cdk/releases/tag/v2.148.1"
}
]
},
"source": {
"advisory": "GHSA-qj85-69xf-2vxq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

93
2024/5xxx/CVE-2024-5288.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "facts@wolfssl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 Insecure Storage of Sensitive Information",
"cweId": "CWE-922"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wolfSSL Inc.",
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "5.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Kemal Derya"
},
{
"lang": "en",
"value": "M. Caner Tol"
},
{
"lang": "en",
"value": "Berk Sunar"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

98
2024/5xxx/CVE-2024-5814.json
View File

@ -1,18 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "facts@wolfssl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wolfSSL",
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "5.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later",
"refsource": "MISC",
"name": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On client side, use the wolfSSL methods for specific protocol versions instead of the downgrade API.<br>"
}
],
"value": "On client side, use the wolfSSL methods for specific protocol versions instead of the downgrade API."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update wolfSSL to 5.7.2.<br>"
}
],
"value": "Update wolfSSL to 5.7.2."
}
],
"credits": [
{
"lang": "en",
"value": "Armin Najafabadi"
},
{
"lang": "en",
"value": "Per Allansson"
}
]
}

76
2024/5xxx/CVE-2024-5991.json
View File

@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5991",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "facts@wolfssl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wolfSSL",
"product": {
"product_data": [
{
"product_name": "wolfSSL",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "5.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://https://github.com/wolfSSL/wolfssl/pull/7604",
"refsource": "MISC",
"name": "https://https://github.com/wolfSSL/wolfssl/pull/7604"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in the following github pull request&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://https://github.com/wolfSSL/wolfssl/pull/7604\">https://https://github.com/wolfSSL/wolfssl/pull/7604</a>"
}
],
"value": "Fixed in the following github pull request\u00a0 https://https://github.com/wolfSSL/wolfssl/pull/7604"
}
]
}

319
2024/8xxx/CVE-2024-8210.json
View File

@ -1,17 +1,328 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240814 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion sprintf der Datei /cgi-bin/hd_config.cgi. Mittels Manipulieren des Arguments f_mount mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DNS-120",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-202L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-315L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320LW",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-321",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-322L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-323",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-325",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-326",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-327L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-326",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-340L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-343",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-345",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-726-4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1100-4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1200-05",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1550-04",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.275919",
"refsource": "MISC",
"name": "https://vuldb.com/?id.275919"
},
{
"url": "https://vuldb.com/?ctiid.275919",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.275919"
},
{
"url": "https://vuldb.com/?submit.397274",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.397274"
},
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_3rd_DiskMGR.md",
"refsource": "MISC",
"name": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_3rd_DiskMGR.md"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
},
{
"url": "https://www.dlink.com/",
"refsource": "MISC",
"name": "https://www.dlink.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "BuaaIoTTeam (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

319
2024/8xxx/CVE-2024-8211.json
View File

@ -1,17 +1,328 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240814 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um die Funktion cgi_FMT_Std2R1_DiskMGR der Datei /cgi-bin/hd_config.cgi. Durch das Manipulieren des Arguments f_newly_dev mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DNS-120",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-202L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-315L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-320LW",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-321",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-322L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-323",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-325",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-326",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-327L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNR-326",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-340L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-343",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-345",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-726-4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1100-4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1200-05",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
},
{
"product_name": "DNS-1550-04",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240814"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.275920",
"refsource": "MISC",
"name": "https://vuldb.com/?id.275920"
},
{
"url": "https://vuldb.com/?ctiid.275920",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.275920"
},
{
"url": "https://vuldb.com/?submit.397275",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.397275"
},
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R1_DiskMGR.md",
"refsource": "MISC",
"name": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R1_DiskMGR.md"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
},
{
"url": "https://www.dlink.com/",
"refsource": "MISC",
"name": "https://www.dlink.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "BuaaIoTTeam (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/8xxx/CVE-2024-8237.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8238.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8239.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}