From f8f001928d1203a0a2ea0985ace574ba2714f7d9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 16 Feb 2025 12:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/1xxx/CVE-2025-1338.json | 109 +++++++++++++++++++++++++++++++++-- 1 file changed, 105 insertions(+), 4 deletions(-) diff --git a/2025/1xxx/CVE-2025-1338.json b/2025/1xxx/CVE-2025-1338.json index e6efd12749e..cbc9f42a504 100644 --- a/2025/1xxx/CVE-2025-1338.json +++ b/2025/1xxx/CVE-2025-1338.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In NUUO Camera bis 20250203 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion print_file der Datei /handle_config.php. Durch Beeinflussen des Arguments log mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NUUO", + "product": { + "product_data": [ + { + "product_name": "Camera", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20250203" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.295954", + "refsource": "MISC", + "name": "https://vuldb.com/?id.295954" + }, + { + "url": "https://vuldb.com/?ctiid.295954", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.295954" + }, + { + "url": "https://vuldb.com/?submit.493912", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.493912" + }, + { + "url": "https://pan.baidu.com/s/1YW52iM0ehUfFKa_CiTHBjQ?from=init&pwd=kqec", + "refsource": "MISC", + "name": "https://pan.baidu.com/s/1YW52iM0ehUfFKa_CiTHBjQ?from=init&pwd=kqec" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "alc9700 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] }