Auto-Update: 2024-06-17T06:00:18.270609+00:00

2025-07-09 16:05:11 +00:00 · 2024-06-17 06:03:11 +00:00 · 2024-06-17 06:03:11 +00:00 · 4ad292bf2f
commit 4ad292bf2f
parent d4d247623c
4 changed files with 135 additions and 7 deletions
--- a/CVE-2024/CVE-2024-60xx/CVE-2024-6045.json
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6045.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2024-6045",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-06-17T04:15:09.287",
+  "lastModified": "2024-06-17T04:15:09.287",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-912"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-6046",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-06-17T04:15:09.867",
+  "lastModified": "2024-06-17T04:15:09.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-7882-998f5-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7881-f88ad-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-17T04:00:18.806858+00:00
+2024-06-17T06:00:18.270609+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-17T03:15:09.163000+00:00
+2024-06-17T04:15:09.867000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-254249
+254251
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

- [CVE-2024-5163](CVE-2024/CVE-2024-51xx/CVE-2024-5163.json) (`2024-06-17T03:15:09.057`)
- [CVE-2024-6044](CVE-2024/CVE-2024-60xx/CVE-2024-6044.json) (`2024-06-17T03:15:09.163`)
+- [CVE-2024-6045](CVE-2024/CVE-2024-60xx/CVE-2024-6045.json) (`2024-06-17T04:15:09.287`)
+- [CVE-2024-6046](CVE-2024/CVE-2024-60xx/CVE-2024-6046.json) (`2024-06-17T04:15:09.867`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -253837,7 +253837,7 @@ CVE-2024-5159,0,0,21e48f9c116346beacd1ff1b36dcd3eeb5d22159bc679bcf4bc32552636921
 CVE-2024-5160,0,0,9e4b1e18860b5527c7c851e358a84bf2abb3a6bec986d19da5dba6c58ecb7cb1,2024-06-10T18:15:38.067000
 CVE-2024-5161,0,0,e7ee50e132209c9af2d04e0f78f70daa2f8e4d8e66a5c74b97f79aeb602e94ca,2024-06-06T14:17:35.017000
 CVE-2024-5162,0,0,d15fa704d37693972ec8048da97de07e102beeb78dcaeaa088ebcc9b6b634ff1,2024-06-06T14:17:35.017000
-CVE-2024-5163,1,1,2ce742c5cc505b352d65a71b4d02546722a9c212066a9d82bd96320aa13c3a9a,2024-06-17T03:15:09.057000
+CVE-2024-5163,0,0,2ce742c5cc505b352d65a71b4d02546722a9c212066a9d82bd96320aa13c3a9a,2024-06-17T03:15:09.057000
 CVE-2024-5165,0,0,1249b447729c1b58db4dd874ebf3238410613919325ce73c31963c57eb2e607f,2024-05-24T01:15:30.977000
 CVE-2024-5166,0,0,acd04bdcb3927ae2fc6875213ce44649287d9e14ecc961e10fc982fe1f8beeeb,2024-05-22T18:59:20.240000
 CVE-2024-5168,0,0,306ce12eec3dfa604048647f5d45c62ae3c9962c8122be3c41030f354ed300c2,2024-05-24T01:15:30.977000
@ -254247,4 +254247,6 @@ CVE-2024-6039,0,0,b95cc2c25372a777e07390d97534935dbe452a5a533742bda3ef4325dc878c
 CVE-2024-6041,0,0,e6d63ca11ea2ff9ed09ea53c6094128fe340ff7325fdab7606f076aa9a2a1946,2024-06-16T23:15:49.417000
 CVE-2024-6042,0,0,ed54c5636265103325c04d8d2622ce50f3889c9971c74cd395d52c55b95a2414,2024-06-17T00:15:09.323000
 CVE-2024-6043,0,0,ed62535c42832e37b4fd65db6511e39d988a0b0325ab18bd1d36764965ef2443,2024-06-17T01:15:49.627000
-CVE-2024-6044,1,1,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000
+CVE-2024-6044,0,0,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000
+CVE-2024-6045,1,1,5e79506df39ea8f7267328abe49cc0d381005956c29a9bbdf201937bde58f730,2024-06-17T04:15:09.287000
+CVE-2024-6046,1,1,cf19d451114556c426f3983a5e1a8618f01d19ba531031d5d307bd6aadf6f22a,2024-06-17T04:15:09.867000