mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
a563f4a1e8
commit
d3bb7686b9
@ -1,17 +1,328 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-8127",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240814 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion cgi_unzip der Datei /cgi-bin/webfile_mgr.cgi der Komponente HTTP POST Request Handler. Mittels dem Manipulieren des Arguments path mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Command Injection",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "D-Link",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "DNS-120",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNR-202L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-315L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-320",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-320L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-320LW",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-321",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNR-322L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-323",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-325",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-326",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-327L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNR-326",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-340L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-343",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-345",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-726-4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-1100-4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-1200-05",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "DNS-1550-04",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "20240814"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.275698",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.275698"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.275698",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.275698"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.396236",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?submit.396236"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_unzip.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_unzip.md"
|
||||
},
|
||||
{
|
||||
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
|
||||
"refsource": "MISC",
|
||||
"name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
|
||||
},
|
||||
{
|
||||
"url": "https://www.dlink.com/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.dlink.com/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BuaaIoTTeam (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user