From 21cb360b98a8891419692b1b06052f9de05a1f3b Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 24 Aug 2024 18:03:14 +0000
Subject: [PATCH] Auto-Update: 2024-08-24T18:00:16.998584+00:00
---
CVE-2024/CVE-2024-81xx/CVE-2024-8129.json | 152 ++++++++++++++++++++++
CVE-2024/CVE-2024-81xx/CVE-2024-8130.json | 152 ++++++++++++++++++++++
README.md | 13 +-
_state.csv | 8 +-
4 files changed, 315 insertions(+), 10 deletions(-)
create mode 100644 CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
create mode 100644 CVE-2024/CVE-2024-81xx/CVE-2024-8130.json
diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8129.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
new file mode 100644
index 00000000000..d66bd408317
--- /dev/null
+++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
@@ -0,0 +1,152 @@ +{ + "id": "CVE-2024-8129", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T16:15:04.057", + "lastModified": "2024-08-24T16:15:04.057", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": 
"LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3_modify.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275700", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275700", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.396290", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8130.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8130.json new file mode 100644 index 00000000000..f15312aaffc --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8130.json 
@@ -0,0 +1,152 @@ +{ + "id": "CVE-2024-8130", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T17:15:03.290", + "lastModified": "2024-08-24T17:15:03.290", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": 
"LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275701", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275701", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.396291", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6e83bc20185..c09832eafd6 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-24T14:00:17.337053+00:00 +2024-08-24T18:00:16.998584+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-24T12:15:04.557000+00:00 +2024-08-24T17:15:03.290000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261083 +261085 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2022-43915](CVE-2022/CVE-2022-439xx/CVE-2022-43915.json) (`2024-08-24T12:15:04.080`) -- [CVE-2024-7656](CVE-2024/CVE-2024-76xx/CVE-2024-7656.json) (`2024-08-24T12:15:04.330`) -- [CVE-2024-8128](CVE-2024/CVE-2024-81xx/CVE-2024-8128.json) (`2024-08-24T12:15:04.557`) +- [CVE-2024-8129](CVE-2024/CVE-2024-81xx/CVE-2024-8129.json) (`2024-08-24T16:15:04.057`) +- [CVE-2024-8130](CVE-2024/CVE-2024-81xx/CVE-2024-8130.json) (`2024-08-24T17:15:03.290`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 78fa8319274..7368278b3f6 100644 --- a/_state.csv +++ b/_state.csv 
@@ -209015,7 +209015,7 @@ CVE-2022-43909,0,0,fb5ee18fcc4a7c8f963a93a6115537cf0182728f4dba8a3bd049fa37f66ac CVE-2022-4391,0,0,55ba1ee53ba287fa9a331eec36653bf0e64371d30780a415458f598732c5d396,2023-11-07T03:57:43.970000 CVE-2022-43910,0,0,7268ce6dc82f1278149e45c0b95732486f595712c6fa46116abdc68639690719,2023-07-27T23:43:13.553000 CVE-2022-43914,0,0,6c5d00c75cae4288b9b3f94ea7847750a80fcdaddd67481674372df2bd89e663,2023-11-07T03:54:07.493000 -CVE-2022-43915,1,1,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000 +CVE-2022-43915,0,0,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000 CVE-2022-43917,0,0,38b0633885bd70099b602418a9f6cf51c4440b53dd83d61edf447fd9b1fdb596,2023-11-07T03:54:07.590000 CVE-2022-43919,0,0,3aa92fee108b80de2c2a30af75bd50fa8417c3cffedb4ff0feec49c8f960e3aa,2023-05-11T14:37:10.943000 CVE-2022-4392,0,0,8486468fc2864376f0d7d2d2c7f6ecbf29ceed955d0af959f0ef5ea5913b1984,2023-11-07T03:57:44.170000 @@ -260875,7 +260875,7 @@ CVE-2024-7647,0,0,c2417bbd838d2a2a494407e7a47e50a82d7e6b69bb49e726beca72fa9570b1 CVE-2024-7648,0,0,2049ae7cbf0cab301bb3d8a4c000a0971cbb2a1bb7b1a04dd9face1c419d935f,2024-08-12T13:41:36.517000 CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed3d,2024-08-12T13:41:36.517000 CVE-2024-7651,0,0,5a46da6be71e23b2a70e27947f885b8fb16b12b8154bc4dda4808e71839c3b2b,2024-08-21T12:30:33.697000 -CVE-2024-7656,1,1,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000 +CVE-2024-7656,0,0,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000 CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000 CVE-2024-7658,0,0,832a65f53a452b2fa1561cdaae82b94e5ac7d59bc491a09b3cdc773f704d8588,2024-08-13T17:00:19.800000 CVE-2024-7659,0,0,3cb22096bf2f6ca2aa4f8495c729121ab87c6bf294191fb47bc11d37c76e5c86,2024-08-15T17:49:42.667000 
@@ -261081,4 +261081,6 @@ CVE-2024-8112,0,0,53bc9e4fb84bb028363b46c3cb18428063770b5e5c085f93ec85e24d18222c CVE-2024-8113,0,0,663828d204cb9ecb17f530ae295b4541dee23e7a4b7b9d658530d5cb44ff87e3,2024-08-23T16:18:28.547000 CVE-2024-8120,0,0,b588d9e16e67a2e06fbd40a6289508e4549b2d995767d4ddf7a7de8f5dc1fd92,2024-08-24T03:15:04.543000 CVE-2024-8127,0,0,d1141915719639d4a45272a624f00fc8374c50578320b4ac97a3acb867c6e2c9,2024-08-24T10:15:04.370000 -CVE-2024-8128,1,1,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000 +CVE-2024-8128,0,0,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000 +CVE-2024-8129,1,1,a525d83bff2d07888612cdee3b31302c25c7465e185e8d7adf0935fbb9fcceaa,2024-08-24T16:15:04.057000 +CVE-2024-8130,1,1,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb51,2024-08-24T17:15:03.290000