"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2022-09-06 02:00:35 +00:00 · 2022-09-06 02:00:35 +00:00 · c96afb7b10
commit c96afb7b10
parent d52648b9de
1 changed files with 69 additions and 1 deletions
--- a/2022/34xxx/CVE-2022-34747.json
+++ b/2022/34xxx/CVE-2022-34747.json
@ -1 +1,69 @@
-{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2022-34747"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"Zyxel NAS326 firmware","version":{"version_data":[{"version_value":"< V5.21(AAZF.12)C0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-134: Use of Externally-Controlled Format String"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml","url":"https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml"}]},"impact":{"cvss":{"baseScore":"9.8","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet."}]}}
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ASSIGNER": "security@zyxel.com.tw",
+        "ID": "CVE-2022-34747",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Zyxel",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Zyxel NAS326 firmware",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< V5.21(AAZF.12)C0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-134: Use of Externally-Controlled Format String"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml",
+                "url": "https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": "9.8",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet."
+            }
+        ]
+    }
+}