diff --git a/2021/38xxx/CVE-2021-38412.json b/2021/38xxx/CVE-2021-38412.json
index 8e71e6497cc..57c287ddfd8 100644
--- a/2021/38xxx/CVE-2021-38412.json
+++ b/2021/38xxx/CVE-2021-38412.json
@@ -1,18 +1,100 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-09-14T17:00:00.000Z",
 "ID": "CVE-2021-38412",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Digi PortServer TS 16 Improper Authentication"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PortServer TS 16",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "Firmware",
+ "version_value": "82000684"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "Firmware",
+ "version_value": "82000685"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Digi International"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "The PortServer TS 16 product was discontinued in 2016. Per Digi\u2019s security support, the device software and hardware support of 5 years has passed. Digi recommends upgrading to a new supported product. If this is not possible, extended support may be available by contacting Digi directly."
+ }
+ ],
+ "source": {
+ "advisory": "ICSA-21-257-01",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3816.json b/2021/3xxx/CVE-2021-3816.json
new file mode 100644
index 00000000000..8b01d5706a8
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3816.json
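Review bot: The added description value for CVE-2021-38412 stops mid-phrase at "to achieve further control in.", so the record never states what the attacker gains control of; the sentence should be completed against advisory ICSA-21-257-01, which the record already references. In `version_data`, both entries use `"version_affected": "<="` with `"version_name": "Firmware"`: if 82000684 and 82000685 are ordered versions the first entry is subsumed by the second, and if they are separate firmware image identifiers (plausible, though the page does not say) `"version_affected": "="` would describe them more accurately. Because `solution` states the product is discontinued, anyone matching assets against this record should not expect a fixed version to be published.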
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41380.json b/2021/41xxx/CVE-2021-41380.json
index b76b4012689..2183677dd73 100644
--- a/2021/41xxx/CVE-2021-41380.json
+++ b/2021/41xxx/CVE-2021-41380.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41380",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41380",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gist.github.com/totaam/a90f2bb40f5b693ccec0ae903d021b03",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/totaam/a90f2bb40f5b693ccec0ae903d021b03"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41381.json b/2021/41xxx/CVE-2021-41381.json
new file mode 100644
index 00000000000..c65eb68e63d
--- /dev/null
+++ b/2021/41xxx/CVE-2021-41381.json
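Review bot: The added `affects` block for CVE-2021-41380 carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"` although the description names RealVNC Viewer 6.21.406, so tooling that matches on the structured fields will not tie this record to the product; the CVE-2021-41383 hunk has the same gap for NETGEAR R6020 1.0.0.48. Populating the fields from the description, e.g. `"vendor_name": "RealVNC"`, `"product_name": "RealVNC Viewer"`, `"version_value": "6.21.406"`, would make both records machine-matchable. `problemtype` is likewise `"n/a"` in both; for CVE-2021-41383 the description (shell metacharacters in the `ntp_server` field leading to command execution) reads like CWE-78, though that classification is inferred from the description alone. Until the fields are filled in, consumers have to match these two entries on the free-text description.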
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-41381",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41382.json b/2021/41xxx/CVE-2021-41382.json
new file mode 100644
index 00000000000..f532cac678d
--- /dev/null
+++ b/2021/41xxx/CVE-2021-41382.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-41382",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41383.json b/2021/41xxx/CVE-2021-41383.json
new file mode 100644
index 00000000000..805ad7fd485
--- /dev/null
+++ b/2021/41xxx/CVE-2021-41383.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-41383",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://j-o-e-l-s.github.io/2021/09/15/Hacking-The-Netgear-R6020.html",
+ "refsource": "MISC",
+ "name": "https://j-o-e-l-s.github.io/2021/09/15/Hacking-The-Netgear-R6020.html"
+ }
+ ]
+ }
+}
\ No newline at end of file