Auto-Update: 2024-08-24T18:00:16.998584+00:00

2025-07-09 16:05:11 +00:00 · 2024-08-24 18:03:14 +00:00 · 2024-08-24 18:03:14 +00:00 · 21cb360b98
commit 21cb360b98
parent e7ef3a4ccf
4 changed files with 315 additions and 10 deletions
--- a/CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
+++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
@ -0,0 +1,152 @@
+{
+  "id": "CVE-2024-8129",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-08-24T16:15:04.057",
+  "lastModified": "2024-08-24T16:15:04.057",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cna@vuldb.com",
+      "tags": [
+        "unsupported-when-assigned"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3_modify.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.275700",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.275700",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.396290",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.dlink.com/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-81xx/CVE-2024-8130.json
+++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8130.json
@ -0,0 +1,152 @@
+{
+  "id": "CVE-2024-8130",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-08-24T17:15:03.290",
+  "lastModified": "2024-08-24T17:15:03.290",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cna@vuldb.com",
+      "tags": [
+        "unsupported-when-assigned"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.275701",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.275701",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.396291",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.dlink.com/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-08-24T14:00:17.337053+00:00
+2024-08-24T18:00:16.998584+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-08-24T12:15:04.557000+00:00
+2024-08-24T17:15:03.290000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-261083
+261085
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2022-43915](CVE-2022/CVE-2022-439xx/CVE-2022-43915.json) (`2024-08-24T12:15:04.080`)
- [CVE-2024-7656](CVE-2024/CVE-2024-76xx/CVE-2024-7656.json) (`2024-08-24T12:15:04.330`)
- [CVE-2024-8128](CVE-2024/CVE-2024-81xx/CVE-2024-8128.json) (`2024-08-24T12:15:04.557`)
+- [CVE-2024-8129](CVE-2024/CVE-2024-81xx/CVE-2024-8129.json) (`2024-08-24T16:15:04.057`)
+- [CVE-2024-8130](CVE-2024/CVE-2024-81xx/CVE-2024-8130.json) (`2024-08-24T17:15:03.290`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -209015,7 +209015,7 @@ CVE-2022-43909,0,0,fb5ee18fcc4a7c8f963a93a6115537cf0182728f4dba8a3bd049fa37f66ac
 CVE-2022-4391,0,0,55ba1ee53ba287fa9a331eec36653bf0e64371d30780a415458f598732c5d396,2023-11-07T03:57:43.970000
 CVE-2022-43910,0,0,7268ce6dc82f1278149e45c0b95732486f595712c6fa46116abdc68639690719,2023-07-27T23:43:13.553000
 CVE-2022-43914,0,0,6c5d00c75cae4288b9b3f94ea7847750a80fcdaddd67481674372df2bd89e663,2023-11-07T03:54:07.493000
-CVE-2022-43915,1,1,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000
+CVE-2022-43915,0,0,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000
 CVE-2022-43917,0,0,38b0633885bd70099b602418a9f6cf51c4440b53dd83d61edf447fd9b1fdb596,2023-11-07T03:54:07.590000
 CVE-2022-43919,0,0,3aa92fee108b80de2c2a30af75bd50fa8417c3cffedb4ff0feec49c8f960e3aa,2023-05-11T14:37:10.943000
 CVE-2022-4392,0,0,8486468fc2864376f0d7d2d2c7f6ecbf29ceed955d0af959f0ef5ea5913b1984,2023-11-07T03:57:44.170000
@ -260875,7 +260875,7 @@ CVE-2024-7647,0,0,c2417bbd838d2a2a494407e7a47e50a82d7e6b69bb49e726beca72fa9570b1
 CVE-2024-7648,0,0,2049ae7cbf0cab301bb3d8a4c000a0971cbb2a1bb7b1a04dd9face1c419d935f,2024-08-12T13:41:36.517000
 CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed3d,2024-08-12T13:41:36.517000
 CVE-2024-7651,0,0,5a46da6be71e23b2a70e27947f885b8fb16b12b8154bc4dda4808e71839c3b2b,2024-08-21T12:30:33.697000
-CVE-2024-7656,1,1,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000
+CVE-2024-7656,0,0,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000
 CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000
 CVE-2024-7658,0,0,832a65f53a452b2fa1561cdaae82b94e5ac7d59bc491a09b3cdc773f704d8588,2024-08-13T17:00:19.800000
 CVE-2024-7659,0,0,3cb22096bf2f6ca2aa4f8495c729121ab87c6bf294191fb47bc11d37c76e5c86,2024-08-15T17:49:42.667000
@ -261081,4 +261081,6 @@ CVE-2024-8112,0,0,53bc9e4fb84bb028363b46c3cb18428063770b5e5c085f93ec85e24d18222c
 CVE-2024-8113,0,0,663828d204cb9ecb17f530ae295b4541dee23e7a4b7b9d658530d5cb44ff87e3,2024-08-23T16:18:28.547000
 CVE-2024-8120,0,0,b588d9e16e67a2e06fbd40a6289508e4549b2d995767d4ddf7a7de8f5dc1fd92,2024-08-24T03:15:04.543000
 CVE-2024-8127,0,0,d1141915719639d4a45272a624f00fc8374c50578320b4ac97a3acb867c6e2c9,2024-08-24T10:15:04.370000
-CVE-2024-8128,1,1,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000
+CVE-2024-8128,0,0,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000
+CVE-2024-8129,1,1,a525d83bff2d07888612cdee3b31302c25c7465e185e8d7adf0935fbb9fcceaa,2024-08-24T16:15:04.057000
+CVE-2024-8130,1,1,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb51,2024-08-24T17:15:03.290000