"-Synchronized-Data."

2025-05-07 03:02:46 +00:00 · 2024-08-01 03:00:36 +00:00 · 2024-08-01 03:00:36 +00:00 · cd7a9ff0a1
commit cd7a9ff0a1
parent df32d59393
2 changed files with 192 additions and 8 deletions
--- a/2024/7xxx/CVE-2024-7336.json
+++ b/2024/7xxx/CVE-2024-7336.json
@ -1,17 +1,109 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-7336",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "In TOTOLINK EX200 4.0.3c.7646_B20201211 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion loginauth der Datei /cgi-bin/cstecgi.cgi. Durch Manipulieren des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-120 Buffer Overflow",
+                        "cweId": "CWE-120"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "TOTOLINK",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "EX200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "4.0.3c.7646_B20201211"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.273259",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.273259"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.273259",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.273259"
+            },
+            {
+                "url": "https://vuldb.com/?submit.379314",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.379314"
+            },
+            {
+                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md",
+                "refsource": "MISC",
+                "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "yhryhryhr_tu (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 9,
+                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
            }
        ]
    }
--- a/2024/7xxx/CVE-2024-7337.json
+++ b/2024/7xxx/CVE-2024-7337.json
@ -1,17 +1,109 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2024-7337",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine kritische Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 entdeckt. Davon betroffen ist die Funktion loginauth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-120 Buffer Overflow",
+                        "cweId": "CWE-120"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "TOTOLINK",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "EX1200L",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "9.3.5u.6146_B20201023"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.273260",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.273260"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.273260",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.273260"
+            },
+            {
+                "url": "https://vuldb.com/?submit.379315",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.379315"
+            },
+            {
+                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md",
+                "refsource": "MISC",
+                "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "yhryhryhr_tu (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 8.8,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 9,
+                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
            }
        ]
    }