diff --git a/2022/39xxx/CVE-2022-39293.json b/2022/39xxx/CVE-2022-39293.json index e391fd4b17d..ca380904817 100644 --- a/2022/39xxx/CVE-2022-39293.json +++ b/2022/39xxx/CVE-2022-39293.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a “if” branch, which check the expression of “(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length” where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`.\n1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`)." + "value": "Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a \u201cif\u201d branch, which check the expression of \u201c(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length\u201d where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`)." } ] }, @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48", - "refsource": "CONFIRM", - "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48" - }, { "name": "https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel", "refsource": "MISC", "url": "https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel" + }, + { + "name": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48", + "refsource": "CONFIRM", + "url": "https://github.com/azure-rtos/usbx/security/advisories/GHSA-gg76-h537-xq48" } ] }, diff --git a/2022/3xxx/CVE-2022-3498.json b/2022/3xxx/CVE-2022-3498.json new file mode 100644 index 00000000000..adb7e6dfa69 --- /dev/null +++ b/2022/3xxx/CVE-2022-3498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3499.json b/2022/3xxx/CVE-2022-3499.json new file mode 100644 index 00000000000..04fa99eef51 --- /dev/null +++ b/2022/3xxx/CVE-2022-3499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-3499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41480.json b/2022/41xxx/CVE-2022-41480.json index c5b31bfff02..f342c339693 100644 --- a/2022/41xxx/CVE-2022-41480.json +++ b/2022/41xxx/CVE-2022-41480.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41480", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41480", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc%20-%20name.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc%20-%20name.md" } ] } diff --git a/2022/41xxx/CVE-2022-41481.json b/2022/41xxx/CVE-2022-41481.json index 65c3976f65d..aa7e5613956 100644 --- a/2022/41xxx/CVE-2022-41481.json +++ b/2022/41xxx/CVE-2022-41481.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41481", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41481", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47de1c.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47de1c.md" } ] } diff --git a/2022/41xxx/CVE-2022-41482.json b/2022/41xxx/CVE-2022-41482.json index 151e3795390..19394b855d0 100644 --- a/2022/41xxx/CVE-2022-41482.json +++ b/2022/41xxx/CVE-2022-41482.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41482", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41482", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc_value.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47c5dc_value.md" } ] } diff --git a/2022/41xxx/CVE-2022-41483.json b/2022/41xxx/CVE-2022-41483.json index 9843ac2ee6f..9ce5513bcc2 100644 --- a/2022/41xxx/CVE-2022-41483.json +++ b/2022/41xxx/CVE-2022-41483.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41483", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41483", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x4212cc.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x4212cc.md" } ] } diff --git a/2022/41xxx/CVE-2022-41484.json b/2022/41xxx/CVE-2022-41484.json index f9dbc7378a6..c58c91dc53f 100644 --- a/2022/41xxx/CVE-2022-41484.json +++ b/2022/41xxx/CVE-2022-41484.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tp-link.com/us/support/download/ap500/#Firmware", + "refsource": "MISC", + "name": "https://www.tp-link.com/us/support/download/ap500/#Firmware" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tplink-AC1900%20.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tplink-AC1900%20.md" } ] } diff --git a/2022/41xxx/CVE-2022-41485.json b/2022/41xxx/CVE-2022-41485.json index d4432ea3a27..5a2aea363ca 100644 --- a/2022/41xxx/CVE-2022-41485.json +++ b/2022/41xxx/CVE-2022-41485.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41485", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41485", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.tendacn.com/download/detail-3794.html", + "refsource": "MISC", + "name": "https://www.tendacn.com/download/detail-3794.html" + }, + { + "url": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47ce00.md", + "refsource": "MISC", + "name": "https://github.com/Davidteeri/Bug-Report/blob/main/tenda-AC6-%200x47ce00.md" } ] } diff --git a/2022/42xxx/CVE-2022-42156.json b/2022/42xxx/CVE-2022-42156.json index 3fabb9b399e..eaabbd33569 100644 --- a/2022/42xxx/CVE-2022-42156.json +++ b/2022/42xxx/CVE-2022-42156.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42156", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42156", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42159.json b/2022/42xxx/CVE-2022-42159.json index caf4b44416a..1711a4b9039 100644 --- a/2022/42xxx/CVE-2022-42159.json +++ b/2022/42xxx/CVE-2022-42159.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42159", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42159", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42160.json b/2022/42xxx/CVE-2022-42160.json index 8614b8e3076..1a54b446c25 100644 --- a/2022/42xxx/CVE-2022-42160.json +++ b/2022/42xxx/CVE-2022-42160.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42160", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42160", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] } diff --git a/2022/42xxx/CVE-2022-42161.json b/2022/42xxx/CVE-2022-42161.json index 3bc4657a86d..f1c9d9f7285 100644 --- a/2022/42xxx/CVE-2022-42161.json +++ b/2022/42xxx/CVE-2022-42161.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42161", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42161", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", + "refsource": "MISC", + "name": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf" } ] }