From aa113d3716bf7481b22801ec507926641e792d3e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 25 May 2025 08:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/5xxx/CVE-2025-5146.json | 175 ++++++++++++++++++++++++++++++++++- 2025/5xxx/CVE-2025-5164.json | 18 ++++ 2 files changed, 189 insertions(+), 4 deletions(-) create mode 100644 2025/5xxx/CVE-2025-5164.json diff --git a/2025/5xxx/CVE-2025-5146.json b/2025/5xxx/CVE-2025-5146.json index b411692ba57..65c7a625f4b 100644 --- a/2025/5xxx/CVE-2025-5146.json +++ b/2025/5xxx/CVE-2025-5146.json @@ -1,17 +1,184 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-5146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argument pwd leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 bis 20250508 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion passwd_set der Datei /usr/bin/routerd der Komponente HTTP Header Handler. Dank Manipulation des Arguments pwd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netcore", + "product": { + "product_data": [ + { + "product_name": "NBR1005GPEV2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "B6V2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "COVER5", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "NAP830", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "NAP930", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "NBR100V2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + }, + { + "product_name": "NBR200V2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250508" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.310234", + "refsource": "MISC", + "name": "https://vuldb.com/?id.310234" + }, + { + "url": "https://vuldb.com/?ctiid.310234", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.310234" + }, + { + "url": "https://vuldb.com/?submit.573493", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.573493" + }, + { + "url": "https://anonymous.4open.science/r/netcore_command_injection2-4583F2DA", + "refsource": "MISC", + "name": "https://anonymous.4open.science/r/netcore_command_injection2-4583F2DA" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "ricardo123 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/5xxx/CVE-2025-5164.json b/2025/5xxx/CVE-2025-5164.json new file mode 100644 index 00000000000..de9a5a3a4e2 --- /dev/null +++ b/2025/5xxx/CVE-2025-5164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-5164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file