Auto-Update: 2025-04-28T02:00:19.836720+00:00

cad-safe-bot 2025-04-28 02:03:54 +00:00
parent 83de627407
commit 3e5ac6ded3
9 changed files with 929 additions and 17 deletions


@ -0,0 +1,108 @@
{
"id": "CVE-2025-26692",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-28T00:15:15.423",
"lastModified": "2025-04-28T00:15:15.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN82536398/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://mfp-support.sios.jp/hc/ja/articles/45853460006937",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://siosapps.sios.jp/agent_info/20250425001.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2025-27937",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-28T00:15:15.587",
"lastModified": "2025-04-28T00:15:15.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN82536398/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://mfp-support.sios.jp/hc/ja/articles/45853460006937",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://siosapps.sios.jp/agent_info/20250425001.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,108 @@
{
"id": "CVE-2025-31144",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-04-28T00:15:15.730",
"lastModified": "2025-04-28T00:15:15.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-923"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN82536398/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://mfp-support.sios.jp/hc/ja/articles/45853460006937",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://siosapps.sios.jp/agent_info/20250425001.html",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-3991",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-28T00:15:15.877",
"lastModified": "2025-04-28T00:15:15.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWdsEncrypt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306327",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306327",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557942",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-3992",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-28T00:15:16.057",
"lastModified": "2025-04-28T00:15:16.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWlwds",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306328",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306328",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557943",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-3993",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-28T01:15:44.383",
"lastModified": "2025-04-28T01:15:44.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWsc_1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306329",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306329",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557944",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-3994",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-28T01:15:45.233",
"lastModified": "2025-04-28T01:15:45.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"baseScore": 3.3,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_IP_Port_filering",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306330",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306330",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.557945",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}
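Review bot: The `cvssMetricV2` entry in this record sets `"userInteractionRequired": false`, which contradicts the same record's v3.1 metric (`"userInteraction": "REQUIRED"`, `UI:R`) and v4.0 metric (`"userInteraction": "PASSIVE"`, `UI:P`) for this cross-site scripting issue. The record is still `"vulnStatus": "Received"`, so all three metric sets are supplied by the CNA (`cna@vuldb.com`) and presumably have not yet been analysed by NVD. Because this file mirrors the upstream feed, the flag is better corrected upstream than edited here. Consumers that filter or prioritise on the v2 flag should read the v3.1 or v4.0 user-interaction metric for this entry instead.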


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-04-27T23:55:19.543940+00:00
2025-04-28T02:00:19.836720+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-04-27T23:15:15.757000+00:00
2025-04-28T01:15:45.233000+00:00
```
### Last Data Feed Release
@ -27,25 +27,26 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2025-04-27T00:00:04.533387+00:00
2025-04-28T00:00:04.363502+00:00
```
### Total Number of included CVEs
```plain
291544
291551
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `7`
- [CVE-2025-3987](CVE-2025/CVE-2025-39xx/CVE-2025-3987.json) (`2025-04-27T22:15:14.863`)
- [CVE-2025-3988](CVE-2025/CVE-2025-39xx/CVE-2025-3988.json) (`2025-04-27T22:15:15.037`)
- [CVE-2025-3989](CVE-2025/CVE-2025-39xx/CVE-2025-3989.json) (`2025-04-27T23:15:14.890`)
- [CVE-2025-3990](CVE-2025/CVE-2025-39xx/CVE-2025-3990.json) (`2025-04-27T23:15:15.757`)
- [CVE-2025-46689](CVE-2025/CVE-2025-466xx/CVE-2025-46689.json) (`2025-04-27T22:15:15.217`)
- [CVE-2025-46690](CVE-2025/CVE-2025-466xx/CVE-2025-46690.json) (`2025-04-27T22:15:15.360`)
- [CVE-2025-26692](CVE-2025/CVE-2025-266xx/CVE-2025-26692.json) (`2025-04-28T00:15:15.423`)
- [CVE-2025-27937](CVE-2025/CVE-2025-279xx/CVE-2025-27937.json) (`2025-04-28T00:15:15.587`)
- [CVE-2025-31144](CVE-2025/CVE-2025-311xx/CVE-2025-31144.json) (`2025-04-28T00:15:15.730`)
- [CVE-2025-3991](CVE-2025/CVE-2025-39xx/CVE-2025-3991.json) (`2025-04-28T00:15:15.877`)
- [CVE-2025-3992](CVE-2025/CVE-2025-39xx/CVE-2025-3992.json) (`2025-04-28T00:15:16.057`)
- [CVE-2025-3993](CVE-2025/CVE-2025-39xx/CVE-2025-3993.json) (`2025-04-28T01:15:44.383`)
- [CVE-2025-3994](CVE-2025/CVE-2025-39xx/CVE-2025-3994.json) (`2025-04-28T01:15:45.233`)
### CVEs modified in the last Commit


@ -287227,6 +287227,7 @@ CVE-2025-26686,0,0,875d6e2e2335e247eb60c92fd966d311965d4dfa5b2e37254f2e9c381e740
CVE-2025-26687,0,0,3e22551589e4ec527d753d1d500a0d81debbda8185553b19774b1c6aad2170f5,2025-04-09T20:03:01.577000
CVE-2025-26688,0,0,21b07cd2440210e182a8d6b8137627939ef3f62b96f51db277c59d6502d24206,2025-04-09T20:03:01.577000
CVE-2025-26689,0,0,dec5b99891737ae6a49560338e391a9fd35d35000ff58423c3aa4180c66c711d,2025-04-01T20:26:30.593000
CVE-2025-26692,1,1,4cafb53aeb849dc34ea9fc7173b99e1117e0ee1f05c19ae992495bd0fb847ea7,2025-04-28T00:15:15.423000
CVE-2025-26695,0,0,f077e716806e3aa11572737cbb762272530f7e8504d9bb6d9406f576cc783416,2025-04-03T13:30:39.037000
CVE-2025-26696,0,0,b9658e1d3c0f3dd4003407283a716267ae4de824c8808025c4c0cd47206d44f0,2025-04-03T13:30:33.593000
CVE-2025-26698,0,0,02e1c85350f9590f950db8be3fe5f72c9485333903c0f224a4be86e1fd66bec5,2025-02-26T13:15:41.983000
@ -288068,6 +288069,7 @@ CVE-2025-27932,0,0,e89ea3f7bc1f24dc892df481b28cf611425fca497d4d9ab9fafb911d848cb
CVE-2025-27933,0,0,93368137a33aa362057a4035ec036f1aedaefb3c8486745a8d93918e46a37c4e,2025-03-27T14:55:25.660000
CVE-2025-27934,0,0,95b3d1b020dd3defb4f0c3dbb03f408c8cd96475518f9b12ef782500b5b25703,2025-04-09T20:02:41.860000
CVE-2025-27936,0,0,0893e29e39a602789fb1ac7a940a079767da6d04fa23f88efea265f3c548ebf3,2025-04-16T13:25:37.340000
CVE-2025-27937,1,1,993df8685bc85e16484395806e08aa4b2b5f5d7a0e9edae29b561521f416b1f0,2025-04-28T00:15:15.587000
CVE-2025-27938,0,0,bf71cc20089ab7c31af5546076ba78a2d82abe6a041a4a3a3ccbdca3b4c0c117,2025-04-16T13:25:59.640000
CVE-2025-27939,0,0,62ad4faad8f2ae97298e92fdca3809e2a8391141ef6e47b0825e7d4aff3fc3a9,2025-04-16T13:25:59.640000
CVE-2025-2794,0,0,b6c5052929166b2fdf6e3c269a20ead353e60c001082fefc35ed2b51aad72541,2025-04-01T20:26:22.890000
@ -289419,6 +289421,7 @@ CVE-2025-31139,0,0,f77a452b5e1edddf158af71a264cde2428ac6b657f8dcbc921a40f17dadbb
CVE-2025-3114,0,0,418d9b2c4c39970a6b7c0e8549739605f4addaf83e877938cc0f3fc3ab0c1506,2025-04-15T21:16:04.847000
CVE-2025-31140,0,0,b5354da0d0be6641b36fd62d7ae5da72fa26945541a5950d6dcb5ec04d83adab,2025-03-27T16:45:12.210000
CVE-2025-31141,0,0,406867c864568f6048dee1b7cffcd596f08f273e12b98bc9b9a899fec211a190,2025-03-27T16:45:12.210000
CVE-2025-31144,1,1,fb448aba6880440a70dedc52749571a178016eb63e89425fadc8a474ed67ceb5,2025-04-28T00:15:15.730000
CVE-2025-31147,0,0,b4b9372e5c8a5e40ec0d018e08c7d412a3cd39ffe19cf8f186844b6fcf8ffb0e,2025-04-16T13:25:37.340000
CVE-2025-3115,0,0,24a856fe651071984693ab7b99fa6f73c29fbb171f1a48b9abf496d4fc3cc5dc,2025-04-22T16:46:51.650000
CVE-2025-31160,0,0,82f17d7889cbcc07a050e3bd5a0bf584b89c18037b9043c83c638bc1493fe9fc,2025-04-07T01:15:42.477000
@ -291281,11 +291284,15 @@ CVE-2025-3983,0,0,25cef30fdb4fe10ba7219695edb63044f6f8ab36f7472ef6a7410a1f5e2146
CVE-2025-3984,0,0,c91dac686fb472be23da0ee0c6a53588be8c31d73e3e88b2f873b4f69af09b70,2025-04-27T20:15:15.537000
CVE-2025-3985,0,0,17f794bf5ed2864c7b41fb94d7cdbc7e385cb1e5fc41f72398abf9c113f7d61c,2025-04-27T21:15:16.300000
CVE-2025-3986,0,0,a0e1201b88b75d6c55b2ee17152f7769e22b6a804358c0ed782ae172b0f049f0,2025-04-27T21:15:16.943000
CVE-2025-3987,1,1,1f20921f1257d5078ab8774024d0257937b05966223b9993fa3f2c17bde5448c,2025-04-27T22:15:14.863000
CVE-2025-3988,1,1,76d068b2159840d8a68bae5e50151196d84be9b94e3b82e41e349cd23fac44f4,2025-04-27T22:15:15.037000
CVE-2025-3989,1,1,5753b5644bf682f48eee616206872ea238fdd174408b8ce47b8d21c701b31220,2025-04-27T23:15:14.890000
CVE-2025-3990,1,1,3366aec23d0b6453aa19e82bdb724c23b22b27751d6621f872ce4dbbe58ef182,2025-04-27T23:15:15.757000
CVE-2025-3987,0,0,1f20921f1257d5078ab8774024d0257937b05966223b9993fa3f2c17bde5448c,2025-04-27T22:15:14.863000
CVE-2025-3988,0,0,76d068b2159840d8a68bae5e50151196d84be9b94e3b82e41e349cd23fac44f4,2025-04-27T22:15:15.037000
CVE-2025-3989,0,0,5753b5644bf682f48eee616206872ea238fdd174408b8ce47b8d21c701b31220,2025-04-27T23:15:14.890000
CVE-2025-3990,0,0,3366aec23d0b6453aa19e82bdb724c23b22b27751d6621f872ce4dbbe58ef182,2025-04-27T23:15:15.757000
CVE-2025-3991,1,1,8ac86264a5346c36ea72df3d78be4f7a5753a20b3690c7556f2be99170fb1a62,2025-04-28T00:15:15.877000
CVE-2025-3992,1,1,f6d38c965d5f4f2b345b19f454c3510e02b19c27377369af6363d77f88c77f3b,2025-04-28T00:15:16.057000
CVE-2025-3993,1,1,13253dba196fcf878a5e2420c6c299bb55578c142c3de67800235f4d6da8f579,2025-04-28T01:15:44.383000
CVE-2025-39930,0,0,42a6955cb0fac1dbd2e5441fb532d9f28b1aaca2d877ee160dbbe720b8efb409,2025-04-21T14:23:45.950000
CVE-2025-3994,1,1,637dbfe52a597a837930503c09f69de3ae0476d6030f79c695e333a883e22e92,2025-04-28T01:15:45.233000
CVE-2025-39989,0,0,0cc48b7ef86c29cf020b5aeed708c2666289505a450cbef1f0919638b4d7450b,2025-04-21T14:23:45.950000
CVE-2025-40014,0,0,cd080bf4e4d482813f829913b5bcdc82f102b28a1076dcf4e2daf085d68110b7,2025-04-21T14:23:45.950000
CVE-2025-40114,0,0,52258d38a9d74d61c359446421539f0af5d39305348a01561ec36d1d740dd110,2025-04-21T14:23:45.950000
@ -291541,5 +291548,5 @@ CVE-2025-46674,0,0,46444152edd713c1307e6ccc5d1033b322cbe1d07cb6f10dea38fc2301d3d
CVE-2025-46675,0,0,b3c69f529ef42425a6977cddb596299cf9685586acba195a28c535b569b687f2,2025-04-27T01:15:44.773000
CVE-2025-46687,0,0,789cec1c054b7dade348dec5c2f11d4567b685dabe9a5263743b00e5f6421591,2025-04-27T20:15:15.720000
CVE-2025-46688,0,0,f3d2ea119df6e35adcd93220be80edb4d0564ed70f8b95b8ee493efc04bb42de,2025-04-27T20:15:15.877000
CVE-2025-46689,1,1,df61c7fa04f2295b97b44c9b4f62ae63006d7d17b1ad7ac0116b1444f3f3d9cb,2025-04-27T22:15:15.217000
CVE-2025-46690,1,1,6bfe253c8cc88312c677faf61d3422e7114d27d86036aa18751c0651f1aa1225,2025-04-27T22:15:15.360000
CVE-2025-46689,0,0,df61c7fa04f2295b97b44c9b4f62ae63006d7d17b1ad7ac0116b1444f3f3d9cb,2025-04-27T22:15:15.217000
CVE-2025-46690,0,0,6bfe253c8cc88312c677faf61d3422e7114d27d86036aa18751c0651f1aa1225,2025-04-27T22:15:15.360000
