From eeecd59beb1f0c5b43b9f32ea40601508e88739d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 7 Sep 2021 06:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/1000xxx/CVE-2018-1000632.json | 5 +++ 2019/10xxx/CVE-2019-10172.json | 5 +++ 2020/10xxx/CVE-2020-10683.json | 5 +++ 2021/28xxx/CVE-2021-28135.json | 71 +++++++++++++++++++++++++++--- 2021/28xxx/CVE-2021-28136.json | 71 +++++++++++++++++++++++++++--- 2021/28xxx/CVE-2021-28155.json | 61 ++++++++++++++++++++++--- 2021/33xxx/CVE-2021-33831.json | 61 ++++++++++++++++++++++--- 2021/34xxx/CVE-2021-34144.json | 66 ++++++++++++++++++++++++--- 2021/34xxx/CVE-2021-34150.json | 61 ++++++++++++++++++++++--- 2021/38xxx/CVE-2021-38840.json | 71 +++++++++++++++++++++++++++--- 2021/38xxx/CVE-2021-38841.json | 66 ++++++++++++++++++++++++--- 2021/39xxx/CVE-2021-39278.json | 56 ++++++++++++++++++++--- 2021/39xxx/CVE-2021-39279.json | 56 ++++++++++++++++++++--- 13 files changed, 595 insertions(+), 60 deletions(-) diff --git a/2018/1000xxx/CVE-2018-1000632.json b/2018/1000xxx/CVE-2018-1000632.json index efea725c695..5b1552726bd 100644 --- a/2018/1000xxx/CVE-2018-1000632.json +++ b/2018/1000xxx/CVE-2018-1000632.json @@ -194,6 +194,11 @@ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" + }, + { + "refsource": "MLIST", + "name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it", + "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10172.json b/2019/10xxx/CVE-2019-10172.json index 88a3fcca10c..dc9883b47c4 100644 --- a/2019/10xxx/CVE-2019-10172.json +++ b/2019/10xxx/CVE-2019-10172.json @@ -183,6 +183,11 @@ "refsource": "MLIST", "name": "[hadoop-common-issues] 20210906 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172", "url": "https://lists.apache.org/thread.html/r1f07e61b3ebabd3e5b4aa97bf1b26d98b793fdfa29a23dac60633f55@%3Ccommon-issues.hadoop.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hadoop-common-issues] 20210907 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172", + "url": "https://lists.apache.org/thread.html/r08e1b73fabd986dcd2ddd7d09480504d1472264bed2f19b1d2002a9c@%3Ccommon-issues.hadoop.apache.org%3E" } ] }, diff --git a/2020/10xxx/CVE-2020-10683.json b/2020/10xxx/CVE-2020-10683.json index 6834d863da3..ad2b4b703cf 100644 --- a/2020/10xxx/CVE-2020-10683.json +++ b/2020/10xxx/CVE-2020-10683.json @@ -131,6 +131,11 @@ "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "name": "https://www.oracle.com//security-alerts/cpujul2021.html" + }, + { + "refsource": "MLIST", + "name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it", + "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E" } ] } diff --git a/2021/28xxx/CVE-2021-28135.json b/2021/28xxx/CVE-2021-28135.json index 6ec99359b3b..fe4470baee4 100644 --- a/2021/28xxx/CVE-2021-28135.json +++ b/2021/28xxx/CVE-2021-28135.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28135", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28135", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espressif/esp-idf", + "refsource": "MISC", + "name": "https://github.com/espressif/esp-idf" + }, + { + "url": "https://github.com/espressif/esp32-bt-lib", + "refsource": "MISC", + "name": "https://github.com/espressif/esp32-bt-lib" + }, + { + "url": "https://www.espressif.com/en/products/socs/esp32", + "refsource": "MISC", + "name": "https://www.espressif.com/en/products/socs/esp32" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", + "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf" } ] } diff --git a/2021/28xxx/CVE-2021-28136.json b/2021/28xxx/CVE-2021-28136.json index ee2c688b014..692ca8ec73d 100644 --- a/2021/28xxx/CVE-2021-28136.json +++ b/2021/28xxx/CVE-2021-28136.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28136", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28136", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espressif/esp-idf", + "refsource": "MISC", + "name": "https://github.com/espressif/esp-idf" + }, + { + "url": "https://github.com/espressif/esp32-bt-lib", + "refsource": "MISC", + "name": "https://github.com/espressif/esp32-bt-lib" + }, + { + "url": "https://www.espressif.com/en/products/socs/esp32", + "refsource": "MISC", + "name": "https://www.espressif.com/en/products/socs/esp32" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", + "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf" } ] } diff --git a/2021/28xxx/CVE-2021-28155.json b/2021/28xxx/CVE-2021-28155.json index 53cee354ebd..a3b35f21c3c 100644 --- a/2021/28xxx/CVE-2021-28155.json +++ b/2021/28xxx/CVE-2021-28155.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28155", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28155", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.jbl.com.sg/over-ear-headphones/JBL+TUNE500BT.html", + "refsource": "MISC", + "name": "https://www.jbl.com.sg/over-ear-headphones/JBL+TUNE500BT.html" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", + "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf" } ] } diff --git a/2021/33xxx/CVE-2021-33831.json b/2021/33xxx/CVE-2021-33831.json index 3e4360307a8..2511cbe09e8 100644 --- a/2021/33xxx/CVE-2021-33831.json +++ b/2021/33xxx/CVE-2021-33831.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33831", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33831", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.th-wildau.de/studieren-weiterbilden/neuigkeiten-und-veranstaltungen/corona/", + "refsource": "MISC", + "name": "https://www.th-wildau.de/studieren-weiterbilden/neuigkeiten-und-veranstaltungen/corona/" + }, + { + "refsource": "MISC", + "name": "https://github.com/lanmarc77/CVE-2021-33831", + "url": "https://github.com/lanmarc77/CVE-2021-33831" } ] } diff --git a/2021/34xxx/CVE-2021-34144.json b/2021/34xxx/CVE-2021-34144.json index 91695bc9951..a6adf798c36 100644 --- a/2021/34xxx/CVE-2021-34144.json +++ b/2021/34xxx/CVE-2021-34144.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Jieli-Tech/fw-AC63_BT_SDK", + "refsource": "MISC", + "name": "https://github.com/Jieli-Tech/fw-AC63_BT_SDK" + }, + { + "url": "https://launchstudio.bluetooth.com/ListingDetails/91371", + "refsource": "MISC", + "name": "https://launchstudio.bluetooth.com/ListingDetails/91371" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", + "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf" } ] } diff --git a/2021/34xxx/CVE-2021-34150.json b/2021/34xxx/CVE-2021-34150.json index ba14234b0fd..374433e5bf2 100644 --- a/2021/34xxx/CVE-2021-34150.json +++ b/2021/34xxx/CVE-2021-34150.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34150", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34150", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.bluetrum.com/product/ab5301a.html", + "refsource": "MISC", + "name": "http://www.bluetrum.com/product/ab5301a.html" + }, + { + "refsource": "MISC", + "name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", + "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf" } ] } diff --git a/2021/38xxx/CVE-2021-38840.json b/2021/38xxx/CVE-2021-38840.json index 62e1a35172d..dfba189d537 100644 --- a/2021/38xxx/CVE-2021-38840.json +++ b/2021/38xxx/CVE-2021-38840.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38840", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html" + }, + { + "url": "https://www.sourcecodester.com/users/tips23", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/users/tips23" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50205", + "url": "https://www.exploit-db.com/exploits/50205" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50204", + "url": "https://www.exploit-db.com/exploits/50204" } ] } diff --git a/2021/38xxx/CVE-2021-38841.json b/2021/38xxx/CVE-2021-38841.json index 6d921b240d6..14d2004cfe2 100644 --- a/2021/38xxx/CVE-2021-38841.json +++ b/2021/38xxx/CVE-2021-38841.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38841", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html" + }, + { + "url": "https://www.sourcecodester.com/users/tips23", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/users/tips23" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50205", + "url": "https://www.exploit-db.com/exploits/50205" } ] } diff --git a/2021/39xxx/CVE-2021-39278.json b/2021/39xxx/CVE-2021-39278.json index f5b7e26f23d..dbd0a94593e 100644 --- a/2021/39xxx/CVE-2021-39278.json +++ b/2021/39xxx/CVE-2021-39278.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39278", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39278", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164014", + "url": "http://packetstormsecurity.com/files/164014" } ] } diff --git a/2021/39xxx/CVE-2021-39279.json b/2021/39xxx/CVE-2021-39279.json index 9115e51bbac..207f3ea9145 100644 --- a/2021/39xxx/CVE-2021-39279.json +++ b/2021/39xxx/CVE-2021-39279.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39279", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39279", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.moxa.com", + "refsource": "MISC", + "name": "https://www.moxa.com" } ] }