admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-25 00:00:39 +00:00
parent 06fc014d00
commit d3ede65aab
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 211 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2025/2xxx/CVE-2025-2185.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ALBEDO Telecom",
"product": {
"product_data": [
{
"product_name": "Net.Time - PTP/NTP clock (Serial No. NBC0081P)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02"
},
{
"url": "https://www.albedotelecom.com/contactus.php",
"refsource": "MISC",
"name": "https://www.albedotelecom.com/contactus.php"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-114-02",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:</p>\n<ul>\n<li>Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1</li>\n</ul>\n<p>For more information, please <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.albedotelecom.com/contactus.php\">contact ALBEDO Telecom.</a></p>\n\n<br>"
}
],
"value": "ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:\n\n\n\n * Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1\n\n\n\n\nFor more information, please contact ALBEDO Telecom. https://www.albedotelecom.com/contactus.php"
}
],
"credits": [
{
"lang": "en",
"value": "Khalid Markar, Parul Sindhwad & Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

116
2025/3xxx/CVE-2025-3606.json
View File

@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vestel AC Charger \nversion \n\n3.75.0 contains a vulnerability that \ncould enable an attacker to access files containing sensitive \ninformation, such as credentials which could be used to further \ncompromise the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vestel",
"product": {
"product_data": [
{
"product_name": "AC Charger EVC04",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.75.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03"
},
{
"url": "https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&token=8201f299-5014-4720-9200-f1b335736ac1",
"refsource": "MISC",
"name": "https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&token=8201f299-5014-4720-9200-f1b335736ac1"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-114-03",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Avoid using open network:</p>\n<ul>\n<li>Use secure methods like virtual private networks (VPNs) for remote \naccess. Regularly update VPNs to their latest versions and ensure that \nconnected devices maintain strong security measures.</li>\n<li>Reduce network exposure for applications and endpoints. Only make \nthem accessible via the Internet if specifically designed for and \nrequired by their intended use.</li>\n</ul>\n<p>Login Credentials Management:</p>\n<ul>\n<li>Force end user to revise the factory default set username and password of webconfig page.</li>\n<li>Remove any printed documents such as installation guide, instruction\n book, quick start guide from web where login credentials are featured.</li>\n</ul>\n<p>Please refer to Vestel's <a target=\"_blank\" rel=\"nofollow\" href=\"https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&amp;token=8201f299-5014-4720-9200-f1b335736ac1\">advisory</a> for more information.\n\n<br></p>"
}
],
"value": "Avoid using open network:\n\n\n\n * Use secure methods like virtual private networks (VPNs) for remote \naccess. Regularly update VPNs to their latest versions and ensure that \nconnected devices maintain strong security measures.\n\n * Reduce network exposure for applications and endpoints. Only make \nthem accessible via the Internet if specifically designed for and \nrequired by their intended use.\n\n\n\n\nLogin Credentials Management:\n\n\n\n * Force end user to revise the factory default set username and password of webconfig page.\n\n * Remove any printed documents such as installation guide, instruction\n book, quick start guide from web where login credentials are featured.\n\n\n\n\nPlease refer to Vestel's advisory https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf for more information."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version.<br>"
}
],
"value": "Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Cumhur Kizilari reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}