"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-01-01 07:01:38 +00:00 · 2021-01-01 07:01:38 +00:00 · e32343b7d7
commit e32343b7d7
parent d8678a317d
2 changed files with 69 additions and 6 deletions
--- a/2020/12xxx/CVE-2020-12666.json
+++ b/2020/12xxx/CVE-2020-12666.json
@ -61,6 +61,11 @@
                "url": "https://github.com/go-macaron/macaron/issues/198",
                "refsource": "MISC",
                "name": "https://github.com/go-macaron/macaron/issues/198"
+            },
+            {
+                "refsource": "FEDORA",
+                "name": "FEDORA-2020-66e6e8d027",
+                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QEUOHRC4EN4WZ66EVFML2UCV7ZQ63XZ/"
            }
        ]
    }
--- a/2020/35xxx/CVE-2020-35391.json
+++ b/2020/35xxx/CVE-2020-35391.json
@ -1,18 +1,76 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2020-35391",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-35391",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior."
            }
        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e",
+                "refsource": "MISC",
+                "name": "https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "ADJACENT",
+            "availabilityImpact": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
+            "version": "3.1"
+        }
    }
 }