From bb9520cbb69498fe71c8284b5eae1d25918c6a65 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 15:23:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/39xxx/CVE-2023-39240.json | 2 +- 2024/29xxx/CVE-2024-29945.json | 5 -- 2024/29xxx/CVE-2024-29946.json | 95 +++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2980.json | 100 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2981.json | 100 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2982.json | 100 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2986.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2987.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2988.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2989.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2990.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2991.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2992.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2993.json | 100 ++------------------------------- 2024/2xxx/CVE-2024-2994.json | 100 ++------------------------------- 2024/30xxx/CVE-2024-30583.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30584.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30585.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30586.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30587.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30588.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30589.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30597.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30598.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30599.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30600.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30601.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30602.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30603.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30604.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30606.json | 56 ++++++++++++++++-- 2024/30xxx/CVE-2024-30607.json | 56 
++++++++++++++++--
 2024/30xxx/CVE-2024-30612.json | 56 ++++++++++++++++--
 2024/3xxx/CVE-2024-3014.json | 100 ++-------------------------------
 2024/3xxx/CVE-2024-3015.json | 100 ++-------------------------------
 2024/3xxx/CVE-2024-3039.json | 100 +++++++++++++++++++++++++++++++--
 2024/3xxx/CVE-2024-3040.json | 100 +++++++++++++++++++++++++++++++--
 2024/3xxx/CVE-2024-3041.json | 100 +++++++++++++++++++++++++++++++--
 2024/3xxx/CVE-2024-3042.json | 100 +++++++++++++++++++++++++++++++--
 39 files changed, 1708 insertions(+), 1202 deletions(-)
diff --git a/2023/39xxx/CVE-2023-39240.json b/2023/39xxx/CVE-2023-39240.json
index ac8f54374aa..71568d988aa 100644
--- a/2023/39xxx/CVE-2023-39240.json
+++ b/2023/39xxx/CVE-2023-39240.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\nIt is identified a format string vulnerability in ASUS RT-AX56U V2\u2019s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.\n\n"
+ "value": "\nIt is identified a format string vulnerability in ASUS RT-AX56U V2\u2019s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.\n\n"
 }
 ]
 },
diff --git a/2024/29xxx/CVE-2024-29945.json b/2024/29xxx/CVE-2024-29945.json
index 72c597ddd40..788b9a142b2 100644
--- a/2024/29xxx/CVE-2024-29945.json
+++ b/2024/29xxx/CVE-2024-29945.json
@@ -69,11 +69,6 @@
 "url": "https://advisory.splunk.com/advisories/SVD-2024-0301",
 "refsource": "MISC",
 "name": "https://advisory.splunk.com/advisories/SVD-2024-0301"
- },
- {
- "url": "https://research.splunk.com/application/9a67e749-d291-40dd-8376-d422e7ecf8b5",
- "refsource": "MISC",
- "name": "https://research.splunk.com/application/9a67e749-d291-40dd-8376-d422e7ecf8b5"
 }
 ]
 },
diff --git a/2024/29xxx/CVE-2024-29946.json b/2024/29xxx/CVE-2024-29946.json
index ec054e01863..b72f75f7286 100644
--- a/2024/29xxx/CVE-2024-29946.json
+++ b/2024/29xxx/CVE-2024-29946.json
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@splunk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.2", + "version_value": "9.2.1" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.4" + }, + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.0.9" + } + ] + } + }, + { + "product_name": "Splunk Cloud Platform", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "9.1.2312.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://advisory.splunk.com/advisories/SVD-2024-0302", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2024-0302" + }, + { + "url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", + "refsource": "MISC", + "name": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/" + } + ] + }, + "source": { + "advisory": "SVD-2024-0302" + }, + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1", + "baseScore": 8.1, + "baseSeverity": "HIGH" } ] } diff --git a/2024/2xxx/CVE-2024-2980.json b/2024/2xxx/CVE-2024-2980.json index 148cb524f7f..10e903875b2 100644 --- a/2024/2xxx/CVE-2024-2980.json +++ b/2024/2xxx/CVE-2024-2980.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion formexeCommand der Datei /goform/execCommand. Dank Manipulation des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258149", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258149" + }, + { + "url": "https://vuldb.com/?ctiid.258149", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258149" + }, + { + "url": "https://vuldb.com/?submit.301270", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301270" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formexeCommand.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formexeCommand.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2981.json b/2024/2xxx/CVE-2024-2981.json index aff2e6a925f..046c3ac85ee 100644 --- a/2024/2xxx/CVE-2024-2981.json +++ b/2024/2xxx/CVE-2024-2981.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Mit der Manipulation des Arguments ssid mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258150", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258150" + }, + { + "url": "https://vuldb.com/?ctiid.258150", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258150" + }, + { + "url": "https://vuldb.com/?submit.301272", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301272" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/form_fast_setting_wifi_set.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/form_fast_setting_wifi_set.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2982.json b/2024/2xxx/CVE-2024-2982.json index 54fb00523e9..b769b0f318e 100644 --- a/2024/2xxx/CVE-2024-2982.json +++ b/2024/2xxx/CVE-2024-2982.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "FH1202", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0.14(408)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258151", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258151" + }, + { + "url": "https://vuldb.com/?ctiid.258151", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258151" + }, + { + "url": "https://vuldb.com/?submit.301273", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301273" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2986.json b/2024/2xxx/CVE-2024-2986.json index 5313f761598..80bedb66f33 100644 --- a/2024/2xxx/CVE-2024-2986.json +++ b/2024/2xxx/CVE-2024-2986.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2986", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Manipulieren des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1202", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.2.0.14(408)" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258155", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258155" - }, - { - "url": "https://vuldb.com/?ctiid.258155", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258155" - }, - { - "url": "https://vuldb.com/?submit.301284", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301284" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2987.json b/2024/2xxx/CVE-2024-2987.json index aeaae66ec2a..1949b2c8961 100644 --- a/2024/2xxx/CVE-2024-2987.json 
+++ b/2024/2xxx/CVE-2024-2987.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2987", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Hiervon betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1202", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.2.0.14(408)" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258156", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258156" - }, - { - "url": "https://vuldb.com/?ctiid.258156", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258156" - }, - { - "url": "https://vuldb.com/?submit.301285", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301285" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/GetParentControlInfo.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/GetParentControlInfo.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2988.json b/2024/2xxx/CVE-2024-2988.json index f9179664978..454d99c8b00 100644 
--- a/2024/2xxx/CVE-2024-2988.json +++ b/2024/2xxx/CVE-2024-2988.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2988", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in Tenda FH1203 2.0.1.6. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda FH1203 2.0.1.6 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion fromSetRouteStatic der Datei /goform/fromRouteStatic. Durch das Beeinflussen des Arguments entrys mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258157", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258157" - }, - { - "url": "https://vuldb.com/?ctiid.258157", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258157" - }, - { - "url": "https://vuldb.com/?submit.301363", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301363" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromSetRouteStatic.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromSetRouteStatic.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2989.json b/2024/2xxx/CVE-2024-2989.json index 3c4b00df219..f3ab2d76db7 100644 --- a/2024/2xxx/CVE-2024-2989.json 
+++ b/2024/2xxx/CVE-2024-2989.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2989", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine kritische Schwachstelle wurde in Tenda FH1203 2.0.1.6 entdeckt. Betroffen davon ist die Funktion fromNatStaticSetting der Datei /goform/NatStaticSetting. Durch Beeinflussen des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258158", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258158" - }, - { - "url": "https://vuldb.com/?ctiid.258158", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258158" - }, - { - "url": "https://vuldb.com/?submit.301364", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301364" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromNatStaticSetting.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromNatStaticSetting.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2990.json b/2024/2xxx/CVE-2024-2990.json index de3c154ae03..302a38915d6 100644 --- a/2024/2xxx/CVE-2024-2990.json 
+++ b/2024/2xxx/CVE-2024-2990.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2990", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Tenda FH1203 2.0.1.6 gefunden. Betroffen hiervon ist die Funktion formexeCommand der Datei /goform/execCommand. Dank der Manipulation des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258159", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258159" - }, - { - "url": "https://vuldb.com/?ctiid.258159", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258159" - }, - { - "url": "https://vuldb.com/?submit.301365", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301365" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formexeCommand.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formexeCommand.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2991.json b/2024/2xxx/CVE-2024-2991.json index 088b144307f..3785f8c29e7 100644 --- a/2024/2xxx/CVE-2024-2991.json 
+++ b/2024/2xxx/CVE-2024-2991.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2991", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda FH1203 2.0.1.6 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Dank Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77 Command Injection", - "cweId": "CWE-77" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258160", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258160" - }, - { - "url": "https://vuldb.com/?ctiid.258160", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258160" - }, - { - "url": "https://vuldb.com/?submit.301366", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301366" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWriteFacMac.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWriteFacMac.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2992.json b/2024/2xxx/CVE-2024-2992.json index dcd1d186a58..d1aafbab7ac 100644 --- a/2024/2xxx/CVE-2024-2992.json 
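Review bot: The new side of this hunk moves CVE-2024-2991 from `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"` and changes `ASSIGNER` from `cna@vuldb.com` to `cve@mitre.org`, which drops the already published description, CWE-77 classification, affected product (Tenda FH1203 2.0.1.6), references and CVSS vectors. Anything that syncs from this repository and keys on the CVE ID (scanners, SBOM matching, detection content) would silently lose the record, so this looks like a synchronisation regression and should be confirmed against the CNA's current record before it is merged. If the withdrawal is intended, `"STATE": "REJECT"` with a reason in the description would tell consumers why, which the generic RESERVED text does not. The same revert appears in the hunks for CVE-2024-2992, CVE-2024-2993 and CVE-2024-2994.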
+++ b/2024/2xxx/CVE-2024-2992.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2992", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine kritische Schwachstelle wurde in Tenda FH1203 2.0.1.6 gefunden. Es geht hierbei um die Funktion formSetCfm der Datei /goform/setcfm. Mit der Manipulation des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258161", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258161" - }, - { - "url": "https://vuldb.com/?ctiid.258161", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258161" - }, - { - "url": "https://vuldb.com/?submit.301371", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301371" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formSetCfm.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formSetCfm.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2993.json b/2024/2xxx/CVE-2024-2993.json index 9b93211095a..a07a9accad2 100644 --- a/2024/2xxx/CVE-2024-2993.json 
+++ b/2024/2xxx/CVE-2024-2993.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2993", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Tenda FH1203 2.0.1.6 ausgemacht. Es geht dabei um die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch die Manipulation des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258162", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258162" - }, - { - "url": "https://vuldb.com/?ctiid.258162", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258162" - }, - { - "url": "https://vuldb.com/?submit.301372", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301372" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formQuickIndex.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formQuickIndex.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2994.json b/2024/2xxx/CVE-2024-2994.json index 69515ba29d7..5fb557ea151 100644 --- a/2024/2xxx/CVE-2024-2994.json 
+++ b/2024/2xxx/CVE-2024-2994.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2994", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258163. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda FH1203 2.0.1.6 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch Manipulation des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "FH1203", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0.1.6" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258163", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258163" - }, - { - "url": "https://vuldb.com/?ctiid.258163", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258163" - }, - { - "url": "https://vuldb.com/?submit.301373", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.301373" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/GetParentControlInfo.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/GetParentControlInfo.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_tu (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30583.json b/2024/30xxx/CVE-2024-30583.json index a4147bd6516..6d4bb0de52c 100644 
--- a/2024/30xxx/CVE-2024-30583.json +++ b/2024/30xxx/CVE-2024-30583.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30583", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30583", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_mitInterface.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_mitInterface.md" } ] } diff --git a/2024/30xxx/CVE-2024-30584.json b/2024/30xxx/CVE-2024-30584.json index ef72d84f2fd..6961ddf15c9 100644 --- a/2024/30xxx/CVE-2024-30584.json +++ b/2024/30xxx/CVE-2024-30584.json 
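Review bot: The added `affects` block publishes CVE-2024-30583 with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the added description names the product and version, so tooling that matches on the structured fields will not associate this record with the device. I would fill them from the description: `"vendor_name": "Tenda"`, `"product_name": "FH1202"`, `"version_value": "1.2.0.14(408)"`. The `problemtype` value is also `n/a` and there is no `impact` block; "stack overflow" presumably means a stack-based buffer overflow (the Tenda records removed elsewhere in this commit use CWE-121 for that), but the CWE and a CVSS vector should come from the assigner rather than be guessed. The same placeholder fields appear in the hunks for CVE-2024-30584 to CVE-2024-30589 (FH1202 v1.2.0.14(408)) and CVE-2024-30597 to CVE-2024-30603 (FH1203 v2.0.1.6).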
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30584", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30584", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md" } ] } diff --git a/2024/30xxx/CVE-2024-30585.json b/2024/30xxx/CVE-2024-30585.json index 55c03c4f409..34cb9ad1ab0 100644 --- a/2024/30xxx/CVE-2024-30585.json +++ b/2024/30xxx/CVE-2024-30585.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30585", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30585", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_deviceId.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_deviceId.md" } ] } diff --git a/2024/30xxx/CVE-2024-30586.json b/2024/30xxx/CVE-2024-30586.json index 44863cfcf7b..127058fd0b1 100644 --- a/2024/30xxx/CVE-2024-30586.json +++ b/2024/30xxx/CVE-2024-30586.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30586", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30586", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security_5g.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security_5g.md" } ] } diff --git a/2024/30xxx/CVE-2024-30587.json b/2024/30xxx/CVE-2024-30587.json index a86285676c9..cf6f065e140 100644 --- a/2024/30xxx/CVE-2024-30587.json +++ b/2024/30xxx/CVE-2024-30587.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30587", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30587", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md" } ] } diff --git a/2024/30xxx/CVE-2024-30588.json b/2024/30xxx/CVE-2024-30588.json index 49924be12ff..444ea50ac39 100644 --- a/2024/30xxx/CVE-2024-30588.json +++ b/2024/30xxx/CVE-2024-30588.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_start.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_start.md" } ] } diff --git a/2024/30xxx/CVE-2024-30589.json b/2024/30xxx/CVE-2024-30589.json index a8cbed6c60b..61761a93d35 100644 --- a/2024/30xxx/CVE-2024-30589.json +++ b/2024/30xxx/CVE-2024-30589.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_entrys.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_entrys.md" } ] } diff --git a/2024/30xxx/CVE-2024-30597.json b/2024/30xxx/CVE-2024-30597.json index 35c631a0fbd..2a7947e48c7 100644 --- a/2024/30xxx/CVE-2024-30597.json +++ b/2024/30xxx/CVE-2024-30597.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30597", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30597", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security.md" } ] } diff --git a/2024/30xxx/CVE-2024-30598.json b/2024/30xxx/CVE-2024-30598.json index 8ef494a8a29..1fb4cf389d2 100644 --- a/2024/30xxx/CVE-2024-30598.json +++ b/2024/30xxx/CVE-2024-30598.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30598", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30598", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security_5g.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security_5g.md" } ] } diff --git a/2024/30xxx/CVE-2024-30599.json b/2024/30xxx/CVE-2024-30599.json index 4dbcf8fa4d6..f095afd12fe 100644 --- a/2024/30xxx/CVE-2024-30599.json +++ b/2024/30xxx/CVE-2024-30599.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30599", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30599", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/addWifiMacFilter_deviceMac.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/addWifiMacFilter_deviceMac.md" } ] } diff --git a/2024/30xxx/CVE-2024-30600.json b/2024/30xxx/CVE-2024-30600.json index 4a552640b0a..2712e1b17d7 100644 --- a/2024/30xxx/CVE-2024-30600.json +++ b/2024/30xxx/CVE-2024-30600.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30600", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30600", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md" } ] } diff --git a/2024/30xxx/CVE-2024-30601.json b/2024/30xxx/CVE-2024-30601.json index 14ac69d6711..ae533bc0207 100644 --- a/2024/30xxx/CVE-2024-30601.json +++ b/2024/30xxx/CVE-2024-30601.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30601", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30601", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md" } ] } diff --git a/2024/30xxx/CVE-2024-30602.json b/2024/30xxx/CVE-2024-30602.json index 29f379df32c..885f8e2c50d 100644 --- a/2024/30xxx/CVE-2024-30602.json +++ b/2024/30xxx/CVE-2024-30602.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30602", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30602", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md" } ] } diff --git a/2024/30xxx/CVE-2024-30603.json b/2024/30xxx/CVE-2024-30603.json index 5965e4d9db6..7cb68dba26c 100644 --- a/2024/30xxx/CVE-2024-30603.json +++ b/2024/30xxx/CVE-2024-30603.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30603", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30603", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md" } ] } diff --git a/2024/30xxx/CVE-2024-30604.json b/2024/30xxx/CVE-2024-30604.json index c3e5249124d..358eb2029c5 100644 --- a/2024/30xxx/CVE-2024-30604.json +++ b/2024/30xxx/CVE-2024-30604.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30604", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30604", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md" } ] } diff --git a/2024/30xxx/CVE-2024-30606.json b/2024/30xxx/CVE-2024-30606.json index d1829de17e8..bef4e2adb3c 100644 --- a/2024/30xxx/CVE-2024-30606.json +++ b/2024/30xxx/CVE-2024-30606.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30606", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30606", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md" } ] } diff --git a/2024/30xxx/CVE-2024-30607.json b/2024/30xxx/CVE-2024-30607.json index 25c16942276..0b80ad3b8d9 100644 --- a/2024/30xxx/CVE-2024-30607.json +++ b/2024/30xxx/CVE-2024-30607.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30607", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30607", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md" } ] } diff --git a/2024/30xxx/CVE-2024-30612.json b/2024/30xxx/CVE-2024-30612.json index 85d3f649dab..c828cb9f281 100644 --- a/2024/30xxx/CVE-2024-30612.json +++ b/2024/30xxx/CVE-2024-30612.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30612", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30612", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md" } ] } diff --git a/2024/3xxx/CVE-2024-3014.json b/2024/3xxx/CVE-2024-3014.json index a4f44d1ecaa..6da1313338a 100644 --- a/2024/3xxx/CVE-2024-3014.json +++ b/2024/3xxx/CVE-2024-3014.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3014", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in SourceCodester Simple Subscription Website 1.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei Actions.php. Durch das Beeinflussen des Arguments title mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Simple Subscription Website", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258300", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258300" - }, - { - "url": "https://vuldb.com/?ctiid.258300", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258300" - }, - { - "url": "https://vuldb.com/?submit.305648", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.305648" - }, - { - "url": "https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20Actions.php%20has%20Sqlinjection.pdf", - "refsource": "MISC", - "name": "https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20Actions.php%20has%20Sqlinjection.pdf" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "H.Shanley (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } 
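Review bot: CVE-2024-3014 goes from `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"` here, and the removed side takes with it the description, the CWE-89 problem type, the affected product, all four references and the CVSS data, while `ASSIGNER` changes from `cna@vuldb.com` to `cve@mitre.org`. Nothing in the hunk records why, so a consumer mirroring this file sees a previously published SQL injection entry turn into an empty reservation and may stop matching on it. If the ID was withdrawn, a `"STATE": "REJECT"` record whose description gives the reason would preserve that history; if this is a synchronisation artefact, the published content should stay. The hunk for CVE-2024-3015 makes the same reversal.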
diff --git a/2024/3xxx/CVE-2024-3015.json b/2024/3xxx/CVE-2024-3015.json index d164f112b00..358f68b2046 100644 --- a/2024/3xxx/CVE-2024-3015.json +++ b/2024/3xxx/CVE-2024-3015.json 
@@ -1,109 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3015", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "In SourceCodester Simple Subscription Website 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei manage_plan.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Simple Subscription Website", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258301", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258301" - }, - { - "url": "https://vuldb.com/?ctiid.258301", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258301" - }, - { - "url": "https://vuldb.com/?submit.305649", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.305649" - }, - { - "url": "https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_plan.php%20has%20Sqlinjection.pdf", - "refsource": "MISC", - "name": "https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_plan.php%20has%20Sqlinjection.pdf" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "H.Shanley (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } 
diff --git a/2024/3xxx/CVE-2024-3039.json b/2024/3xxx/CVE-2024-3039.json index 19d993cb3e6..7c92a635faf 100644 --- a/2024/3xxx/CVE-2024-3039.json +++ b/2024/3xxx/CVE-2024-3039.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3039", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Shanghai Brad Technology BladeX 3.4.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /api/blade-user/export-user der Komponente API. Durch die Manipulation mit der Eingabe updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Shanghai Brad Technology", + "product": { + "product_data": [ + { + "product_name": "BladeX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258426", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258426" + }, + { + "url": "https://vuldb.com/?ctiid.258426", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258426" + }, + { + "url": "https://vuldb.com/?submit.301469", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.301469" + }, + { + "url": "https://spoofer.cn/bladex_sqli/", + "refsource": "MISC", + "name": "https://spoofer.cn/bladex_sqli/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Spoofer (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3040.json b/2024/3xxx/CVE-2024-3040.json index e02a3701803..f80e9a7c305 100644 --- a/2024/3xxx/CVE-2024-3040.json +++ b/2024/3xxx/CVE-2024-3040.json 
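Review bot: The English description added for CVE-2024-3039 says the issue is "classified as critical", but the `impact.cvss` entries in the same record give `"baseScore": 6.3` and `"baseSeverity": "MEDIUM"`, with `PR:L` in the vector. Triage that keys on the description text will rank this above what the scored data supports, so I would drop the label from the prose or align it with the score, e.g. `A vulnerability has been found in Shanghai Brad Technology BladeX 3.4.0.`. The same mismatch is in the hunks for CVE-2024-3040, CVE-2024-3041 and CVE-2024-3042. A smaller style point: `description_data` uses `"lang": "eng"` and `"deu"` while `credits` uses `"lang": "en"`; one code set per record would be easier to consume.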
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/list_crl_conf. Mittels Manipulieren des Arguments CRLId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netentsec", + "product": { + "product_data": [ + { + "product_name": "NS-ASG Application Security Gateway", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258429", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258429" + }, + { + "url": "https://vuldb.com/?ctiid.258429", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258429" + }, + { + "url": "https://vuldb.com/?submit.302340", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.302340" + }, + { + "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_crl_conf.md", + "refsource": "MISC", + "name": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_crl_conf.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "onelastcrush (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3041.json b/2024/3xxx/CVE-2024-3041.json index 666c57ded3c..7f051fd430f 100644 --- a/2024/3xxx/CVE-2024-3041.json +++ b/2024/3xxx/CVE-2024-3041.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Netentsec NS-ASG Application Security Gateway 6.3 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /protocol/log/listloginfo.php. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netentsec", + "product": { + "product_data": [ + { + "product_name": "NS-ASG Application Security Gateway", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258430", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258430" + }, + { + "url": "https://vuldb.com/?ctiid.258430", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258430" + }, + { + "url": "https://vuldb.com/?submit.302342", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.302342" + }, + { + "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md", + "refsource": "MISC", + "name": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Activate-rz (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3042.json b/2024/3xxx/CVE-2024-3042.json index 876f1193e44..299506c52a8 100644 --- a/2024/3xxx/CVE-2024-3042.json +++ b/2024/3xxx/CVE-2024-3042.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in SourceCodester Simple Subscription Website 1.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei manage_user.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple Subscription Website", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258431", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258431" + }, + { + "url": "https://vuldb.com/?ctiid.258431", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258431" + }, + { + "url": "https://vuldb.com/?submit.306119", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.306119" + }, + { + "url": "https://github.com/maxmvp666/planCve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_user.php%20has%20Sqlinjection.pdf", + "refsource": "MISC", + "name": "https://github.com/maxmvp666/planCve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_user.php%20has%20Sqlinjection.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "shaozhenghao666 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }