Auto-Update: 2024-07-27T22:00:17.225831+00:00

CVE-2024/CVE-2024-71xx/CVE-2024-7151.json

@@ -0,0 +1,137 @@
+{
+  "id": "CVE-2024-7151",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-07-27T20:15:09.650",
+  "lastModified": "2024-07-27T20:15:09.650",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.272554",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.272554",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.377040",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-71xx/CVE-2024-7152.json

@@ -0,0 +1,137 @@
+{
+  "id": "CVE-2024-7152",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-07-27T21:15:09.743",
+  "lastModified": "2024-07-27T21:15:09.743",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromSafeSetMacFilter.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.272555",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.272555",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.377041",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-07-27T14:00:16.904685+00:00
+2024-07-27T22:00:17.225831+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-07-27T13:15:09.757000+00:00
+2024-07-27T21:15:09.743000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-258084
+258086
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `7`
+Recently added CVEs: `2`
 
-- [CVE-2024-5614](CVE-2024/CVE-2024-56xx/CVE-2024-5614.json) (`2024-07-27T12:15:09.663`)
-- [CVE-2024-6518](CVE-2024/CVE-2024-65xx/CVE-2024-6518.json) (`2024-07-27T12:15:10.780`)
-- [CVE-2024-6520](CVE-2024/CVE-2024-65xx/CVE-2024-6520.json) (`2024-07-27T12:15:11.030`)
-- [CVE-2024-6521](CVE-2024/CVE-2024-65xx/CVE-2024-6521.json) (`2024-07-27T12:15:11.250`)
-- [CVE-2024-6627](CVE-2024/CVE-2024-66xx/CVE-2024-6627.json) (`2024-07-27T12:15:11.477`)
-- [CVE-2024-6703](CVE-2024/CVE-2024-67xx/CVE-2024-6703.json) (`2024-07-27T13:15:09.757`)
-- [CVE-2024-6897](CVE-2024/CVE-2024-68xx/CVE-2024-6897.json) (`2024-07-27T12:15:11.707`)
+- [CVE-2024-7151](CVE-2024/CVE-2024-71xx/CVE-2024-7151.json) (`2024-07-27T20:15:09.650`)
+- [CVE-2024-7152](CVE-2024/CVE-2024-71xx/CVE-2024-7152.json) (`2024-07-27T21:15:09.743`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -257238,7 +257238,7 @@ CVE-2024-5609,0,0,4c03a855f07c8ea18d8e7a70e1e2d3467f32254daea5abf62f130fb919fa93
 CVE-2024-5611,0,0,257f707c49e1adeab5f30937de3668453c65dc87c2e8ac71cda38f1fe1bbc4e5,2024-06-17T12:42:04.623000
 CVE-2024-5612,0,0,c48d9d85ab6fb6f375c9bae41bb41f013f62cc7d97e523d92c986f223f9ac364,2024-06-07T14:56:05.647000
 CVE-2024-5613,0,0,d9550d95a21bd950ae7717d597381d24b04054ec554e6d52d8ed280e70034f18,2024-06-10T02:52:08.267000
-CVE-2024-5614,1,1,276bf27648d5d4f8e4c646cd9cc2d0e5ab60508e776f7b2e910b4ce4f927ffce,2024-07-27T12:15:09.663000
+CVE-2024-5614,0,0,276bf27648d5d4f8e4c646cd9cc2d0e5ab60508e776f7b2e910b4ce4f927ffce,2024-07-27T12:15:09.663000
 CVE-2024-5615,0,0,0b80425a78ce7696e161012e7d95058779d0861d3b6927cc392e7a553c227a9e,2024-06-11T17:55:16.103000
 CVE-2024-5616,0,0,5078c1aa917db98652cc6ffd2b310b244194da0fcbabfd9d4ed8ccf7b99de509,2024-07-08T15:49:22.437000
 CVE-2024-5618,0,0,ebe36b14a25a2ade3e64c60f6c84014fea87ffe3e6c056e2ec2d4c12a7dbd5bd,2024-07-19T13:01:44.567000
@@ -257837,9 +257837,9 @@ CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48
 CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000
 CVE-2024-6511,0,0,053f3089b06a0cd915df79eb3301836b5db5c9fe4d3ed571ee6923d36f4d1832,2024-07-05T12:55:51.367000
 CVE-2024-6513,0,0,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000
-CVE-2024-6518,1,1,3d7e5bfccb39c3666fa70d026abac7397ae8eca74f0e39d749375abec4b05fe7,2024-07-27T12:15:10.780000
-CVE-2024-6520,1,1,9defeeea1e73687f49754c0daad1f9f3cc8c55d04496b7d8cdbf21c3415b5e14,2024-07-27T12:15:11.030000
-CVE-2024-6521,1,1,44afab5ac0543370f21cd1632a2d01bfb91586d204b462b915cd9854a037270f,2024-07-27T12:15:11.250000
+CVE-2024-6518,0,0,3d7e5bfccb39c3666fa70d026abac7397ae8eca74f0e39d749375abec4b05fe7,2024-07-27T12:15:10.780000
+CVE-2024-6520,0,0,9defeeea1e73687f49754c0daad1f9f3cc8c55d04496b7d8cdbf21c3415b5e14,2024-07-27T12:15:11.030000
+CVE-2024-6521,0,0,44afab5ac0543370f21cd1632a2d01bfb91586d204b462b915cd9854a037270f,2024-07-27T12:15:11.250000
 CVE-2024-6523,0,0,98f0a109b2eb43c22795bc145187860635580ebf6919d959b6614038101f8043,2024-07-08T16:47:11.437000
 CVE-2024-6524,0,0,4164bb0736c03a505788360f1634f8030b5ce4107a78a58256f3b4682fe3c19a,2024-07-08T15:33:01.377000
 CVE-2024-6525,0,0,2f0f70f02d7062f0146f492a65f00de0208bb8c01fafafd0c2d5a6e3d243b927,2024-07-08T15:30:11.133000
@@ -257901,7 +257901,7 @@ CVE-2024-6615,0,0,21e70ce6d005932fad51efb1cef43277a3ff57e367ed55aea5460b226c9f9b
 CVE-2024-6621,0,0,245e22cf8c695e01e46245f83baf1a8e74fd9ede2206edccd3aaa25f1c00ba0d,2024-07-16T13:43:58.773000
 CVE-2024-6624,0,0,d641d0598d5f0d62f69b2f0bb30153f1263b9aa17a64dd7567b42517a1bc6027,2024-07-12T16:51:31.487000
 CVE-2024-6625,0,0,b913737eefce9f28c47dc537f0edd398b1eeb297cd2eb30c69b59c3401317130,2024-07-12T12:49:07.030000
-CVE-2024-6627,1,1,3c8e368f6fbc7e6b7c55afc4d812008225f3d3302f69d4c248bd31e59d72e92c,2024-07-27T12:15:11.477000
+CVE-2024-6627,0,0,3c8e368f6fbc7e6b7c55afc4d812008225f3d3302f69d4c248bd31e59d72e92c,2024-07-27T12:15:11.477000
 CVE-2024-6629,0,0,0264a6ecc734e6bba34d74cdd2b710d65bfa2f35085e88ade8ee0f09f00a5520,2024-07-24T12:55:13.223000
 CVE-2024-6630,0,0,7742b604143993a9d769b9ab9c3e5aab85337a51e6772bb186961af80d29fee2,2024-07-10T18:15:05.407000
 CVE-2024-6634,0,0,034c952bec8de648991ab1d2e28977f51b22472f46a09e1751519f767a2003af,2024-07-27T02:15:12.560000
@@ -257934,7 +257934,7 @@ CVE-2024-6680,0,0,131299d0989a76f846afb0c8ae15f4692f1a0fdd9931fad30c165660cd1232
 CVE-2024-6681,0,0,fd87484dafd740c0f788720b14149eb40f6b6d8ce371416d0e039ce9acf82071,2024-07-11T18:09:58.777000
 CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d52873c,2024-07-16T13:43:58.773000
 CVE-2024-6694,0,0,7d61bbb6e4266a8c90354c9d0cb6da1ede156f667671ed3e7d5507b5e685e063,2024-07-22T13:00:53.287000
-CVE-2024-6703,1,1,4f662fbdc03fd7cd0be669d3b0e364488aeb120c7cee29fd02a342b2adcc102f,2024-07-27T13:15:09.757000
+CVE-2024-6703,0,0,4f662fbdc03fd7cd0be669d3b0e364488aeb120c7cee29fd02a342b2adcc102f,2024-07-27T13:15:09.757000
 CVE-2024-6705,0,0,1e166467558902cf3ff2211f8b1aa347feb308f999c65053186e5a13806e8368,2024-07-18T12:28:43.707000
 CVE-2024-6714,0,0,11b717ebe6f787348133e2783f9d140b140bb610f91df0dde9f6c41f4dbdce83,2024-07-24T12:55:13.223000
 CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c07,2024-07-17T14:15:04.210000
@@ -257998,7 +257998,7 @@ CVE-2024-6874,0,0,6fdb828244d0878bf4334f6c8b61a3ad657fa405006bc4b1bc91d03b240bfd
 CVE-2024-6885,0,0,820342a8aad3354940c223afe57157bbf13eee743fbe19265a63d35dde973086,2024-07-24T12:55:13.223000
 CVE-2024-6895,0,0,ba732cd0d0196677d9fba02b4344054d4844d09e5d174114e4dcf4446ecf9262,2024-07-22T13:00:53.287000
 CVE-2024-6896,0,0,801c74edfd9bf4c5786030707fac190d86b113e6627f16ad4c2e5810705558a7,2024-07-24T12:55:13.223000
-CVE-2024-6897,1,1,d4aba1ee6695ecb86b55721c90294563157d1488e9edd7a287c523fc536ffcea,2024-07-27T12:15:11.707000
+CVE-2024-6897,0,0,d4aba1ee6695ecb86b55721c90294563157d1488e9edd7a287c523fc536ffcea,2024-07-27T12:15:11.707000
 CVE-2024-6898,0,0,98dae2dc951da0c9f1ac4e695a7ad38573b2abb15f5508f51642ed9635c194c6,2024-07-19T13:01:44.567000
 CVE-2024-6899,0,0,397359020457c655f416abd05bdc982e2cbc9cd703cb46d21be66b71a5df8e91,2024-07-19T13:01:44.567000
 CVE-2024-6900,0,0,e500188038c3ea14b8e23eb8bbafe809d907d6d44fb62c1134048b209905575c,2024-07-24T16:55:06.977000
@@ -258083,3 +258083,5 @@ CVE-2024-7118,0,0,62d89d26f65ea1fb65d47df60031a9f710120780ee20316aed458cb0233573
 CVE-2024-7119,0,0,4fde682fb77fb71b91b004dbf3a8e8f6c65de29e380f3ae8cf5f985df542b475,2024-07-26T12:38:41.683000
 CVE-2024-7120,0,0,b31d06866272ef86189a0e02ce3949a7ccc55f035cc829a55c9e600588efd001,2024-07-26T12:38:41.683000
 CVE-2024-7128,0,0,47460bc57c903b3fabdb73433c3bfc4f54879d354fc8cdc474587e0d4d4fa63d,2024-07-26T14:15:03.573000
+CVE-2024-7151,1,1,06232e614d6867686f3c84d16156f95141f38a0335ce80e22280064659e83e56,2024-07-27T20:15:09.650000
+CVE-2024-7152,1,1,aac814756563dfb6eac01900cd30616c2d9c9df404e1ca487beb8a14d5d8de14,2024-07-27T21:15:09.743000