From 4ad292bf2f4aa29c1d093a2ee9425d894b5e9a0b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 17 Jun 2024 06:03:11 +0000 Subject: [PATCH] Auto-Update: 2024-06-17T06:00:18.270609+00:00 --- CVE-2024/CVE-2024-60xx/CVE-2024-6045.json | 67 +++++++++++++++++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6046.json | 59 ++++++++++++++++++++ README.md | 10 ++-- _state.csv | 6 +- 4 files changed, 135 insertions(+), 7 deletions(-) create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6045.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6046.json diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6045.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6045.json new file mode 100644 index 00000000000..ffbe0e07991 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6045.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-6045", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-06-17T04:15:09.287", + "lastModified": "2024-06-17T04:15:09.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + }, + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json new file mode 100644 index 00000000000..9d7ff9cf883 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-6046", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-06-17T04:15:09.867", + "lastModified": "2024-06-17T04:15:09.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/en/cp-139-7882-998f5-2.html", + "source": "twcert@cert.org.tw" + }, + { + "url": "https://www.twcert.org.tw/tw/cp-132-7881-f88ad-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 87fbfd18bf2..3705bb12a78 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-17T04:00:18.806858+00:00 +2024-06-17T06:00:18.270609+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-17T03:15:09.163000+00:00 +2024-06-17T04:15:09.867000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254249 +254251 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-5163](CVE-2024/CVE-2024-51xx/CVE-2024-5163.json) (`2024-06-17T03:15:09.057`) -- [CVE-2024-6044](CVE-2024/CVE-2024-60xx/CVE-2024-6044.json) (`2024-06-17T03:15:09.163`) +- [CVE-2024-6045](CVE-2024/CVE-2024-60xx/CVE-2024-6045.json) (`2024-06-17T04:15:09.287`) +- [CVE-2024-6046](CVE-2024/CVE-2024-60xx/CVE-2024-6046.json) (`2024-06-17T04:15:09.867`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 8ae287a7e10..baba3e07f2f 100644 --- a/_state.csv +++ b/_state.csv @@ -253837,7 +253837,7 @@ CVE-2024-5159,0,0,21e48f9c116346beacd1ff1b36dcd3eeb5d22159bc679bcf4bc32552636921 CVE-2024-5160,0,0,9e4b1e18860b5527c7c851e358a84bf2abb3a6bec986d19da5dba6c58ecb7cb1,2024-06-10T18:15:38.067000 CVE-2024-5161,0,0,e7ee50e132209c9af2d04e0f78f70daa2f8e4d8e66a5c74b97f79aeb602e94ca,2024-06-06T14:17:35.017000 CVE-2024-5162,0,0,d15fa704d37693972ec8048da97de07e102beeb78dcaeaa088ebcc9b6b634ff1,2024-06-06T14:17:35.017000 -CVE-2024-5163,1,1,2ce742c5cc505b352d65a71b4d02546722a9c212066a9d82bd96320aa13c3a9a,2024-06-17T03:15:09.057000 +CVE-2024-5163,0,0,2ce742c5cc505b352d65a71b4d02546722a9c212066a9d82bd96320aa13c3a9a,2024-06-17T03:15:09.057000 CVE-2024-5165,0,0,1249b447729c1b58db4dd874ebf3238410613919325ce73c31963c57eb2e607f,2024-05-24T01:15:30.977000 CVE-2024-5166,0,0,acd04bdcb3927ae2fc6875213ce44649287d9e14ecc961e10fc982fe1f8beeeb,2024-05-22T18:59:20.240000 CVE-2024-5168,0,0,306ce12eec3dfa604048647f5d45c62ae3c9962c8122be3c41030f354ed300c2,2024-05-24T01:15:30.977000 @@ -254247,4 +254247,6 @@ CVE-2024-6039,0,0,b95cc2c25372a777e07390d97534935dbe452a5a533742bda3ef4325dc878c CVE-2024-6041,0,0,e6d63ca11ea2ff9ed09ea53c6094128fe340ff7325fdab7606f076aa9a2a1946,2024-06-16T23:15:49.417000 CVE-2024-6042,0,0,ed54c5636265103325c04d8d2622ce50f3889c9971c74cd395d52c55b95a2414,2024-06-17T00:15:09.323000 CVE-2024-6043,0,0,ed62535c42832e37b4fd65db6511e39d988a0b0325ab18bd1d36764965ef2443,2024-06-17T01:15:49.627000 -CVE-2024-6044,1,1,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000 +CVE-2024-6044,0,0,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000 +CVE-2024-6045,1,1,5e79506df39ea8f7267328abe49cc0d381005956c29a9bbdf201937bde58f730,2024-06-17T04:15:09.287000 +CVE-2024-6046,1,1,cf19d451114556c426f3983a5e1a8618f01d19ba531031d5d307bd6aadf6f22a,2024-06-17T04:15:09.867000