mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
132 lines
4.6 KiB
JSON
132 lines
4.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2025-1340",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK X18 9.1.0cu.2024_B20220329 entdeckt. Hiervon betroffen ist die Funktion setPasswordCfg der Datei /cgi-bin/cstecgi.cgi. Dank Manipulation durch String kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Stack-based Buffer Overflow",
|
|
"cweId": "CWE-121"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Memory Corruption",
|
|
"cweId": "CWE-119"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "TOTOLINK",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "X18",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "9.1.0cu.2024_B20220329"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.295956",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.295956"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.295956",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.295956"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?submit.495368",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?submit.495368"
|
|
},
|
|
{
|
|
"url": "https://github.com/stevenchen0x01/CVE2/blob/main/stack_overflow.md",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/stevenchen0x01/CVE2/blob/main/stack_overflow.md"
|
|
},
|
|
{
|
|
"url": "https://www.totolink.net/",
|
|
"refsource": "MISC",
|
|
"name": "https://www.totolink.net/"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Steven_Dra3w (VulDB User)"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "hello vuldb (VulDB User)"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "Steven_Dra3w (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 8.8,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 8.8,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 9,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
|
|
}
|
|
]
|
|
}
|
|
} |