Auto-Update: 2023-06-02T12:00:25.659913+00:00

cad-safe-bot 2023-06-02 12:00:29 +00:00
parent 6f920900d7
commit 6e5887b15e
17 changed files with 900 additions and 5 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46307",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:09.730",
"lastModified": "2023-06-02T11:15:09.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SGUDA U-Lock central lock control service\u2019s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7099-e8897-1.html",
"source": "twcert@cert.org.tw"
}
]
}
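Review bot: Every record added in this commit, from CVE-2022-46307 here through CVE-2023-30604, has `"vulnStatus": "Received"` and no `configurations` block, so the only product identification is the free-text `descriptions` value. Inventory matching that keys on CPE data will therefore not associate these entries with SGUDA U-Lock, Hitron CODA-5310, ASUS RT-AC86U or the other named products until a later sync brings in NVD analysis. The single `cvssMetricV31` entry is the CNA's own (`"source": "twcert@cert.org.tw"`), so the 8.8 here should be triaged as a CNA-assigned score that NVD analysis may later supplement. A sentence in the README's "CVEs added in the last Commit" section saying that `Received` records carry no CPE data would spare consumers the surprise.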


@ -0,0 +1,55 @@
{
"id": "CVE-2022-46308",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:09.913",
"lastModified": "2023-06-02T11:15:09.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SGUDA U-Lock central lock control service\u2019s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47616",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:09.997",
"lastModified": "2023-06-02T11:15:09.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47617",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.077",
"lastModified": "2023-06-02T11:15:10.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7083-94e13-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25780",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.157",
"lastModified": "2023-06-02T11:15:10.157",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html",
"source": "twcert@cert.org.tw"
}
]
}
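Review bot: The weakness mapping `"value": "CWE-306"` (missing authentication) does not fit the rest of this record: the description requires an attacker "with normal user privilege" and the vector carries `PR:L`, so the caller is already authenticated. What the text describes, a normal user changing the substitute agent of arbitrary users, reads as an authorization failure, the class that CVE-2022-46307 and CVE-2022-46308 in this commit file under `CWE-863`. Reporting or detection rules that group by CWE should not rely on this field alone for this entry. Because the file mirrors the upstream record, the mismatch is best raised with the CNA rather than patched here.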


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28698",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.230",
"lastModified": "2023-06-02T11:15:10.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28699",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.297",
"lastModified": "2023-06-02T11:15:10.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7102-41ab8-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28700",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.370",
"lastModified": "2023-06-02T11:15:10.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OMICARD EDM backend system\u2019s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7144-b7536-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28701",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.443",
"lastModified": "2023-06-02T11:15:10.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28702",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.510",
"lastModified": "2023-06-02T11:15:10.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28703",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.580",
"lastModified": "2023-06-02T11:15:10.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28704",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.650",
"lastModified": "2023-06-02T11:15:10.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
"source": "twcert@cert.org.tw"
}
]
}
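Review bot: The description contradicts itself on the attacker's standing ("An unauthenticated remote attacker in the Bluetooth network with normal user privileges"), while the vector settles on `PR:N` and `AV:A`. The structured `cvssData` fields are the less ambiguous source here: they describe an attacker within Bluetooth range who needs no credentials, and text searches on "remote" or "normal user" will misfile the entry. The record also uses `CWE-77` where the other command-injection entries in this commit (CVE-2022-47616, CVE-2023-28702) use `CWE-78`, so a filter on `CWE-78` alone will miss it.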


@ -0,0 +1,55 @@
{
"id": "CVE-2023-28705",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.720",
"lastModified": "2023-06-02T11:15:10.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html",
"source": "twcert@cert.org.tw"
}
]
}
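Review bot: `"privilegesRequired": "LOW"` is not supported by the description, which names only "A remote attacker" sending a phishing email and states no account requirement on the sender. The label "Reflected Cross-site scripting" also sits oddly with the described flow, where the script arrives in email content and runs when the recipient opens the message; that reads closer to a stored payload, though `CWE-79` covers both. The record lists no affected or fixed versions, so anyone prioritising from it should confirm scope against the referenced TWCERT advisory rather than from the vector alone.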


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30602",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.793",
"lastModified": "2023-06-02T11:15:10.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hitron Technologies CODA-5310\u2019s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30603",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.863",
"lastModified": "2023-06-02T11:15:10.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html",
"source": "twcert@cert.org.tw"
}
]
}
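Review bot: Default Telnet credentials are filed here under the generic `CWE-287`, which hides this entry from queries for credential weaknesses; `CWE-1392` (Use of Default Credentials) names the condition directly. The first sentence of the description is also missing its verb ("CODA-5310 Telnet function with the default account and password"), so keyword extraction may not register that a default account exists. Read together with CVE-2023-30602 (Telnet sends credentials in plaintext) and CVE-2023-30604 in this commit, the practical conclusion for operators of this device is that Telnet should not be reachable from untrusted networks and the default account and password must be changed.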


@ -0,0 +1,55 @@
{
"id": "CVE-2023-30604",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-06-02T11:15:10.930",
"lastModified": "2023-06-02T11:15:10.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7086-35622-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-02T10:00:24.168928+00:00
2023-06-02T12:00:25.659913+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-02T08:15:09.003000+00:00
2023-06-02T11:15:10.930000+00:00
```
### Last Data Feed Release
@ -29,14 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216669
216685
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `16`
* [CVE-2023-3000](CVE-2023/CVE-2023-30xx/CVE-2023-3000.json) (`2023-06-02T08:15:09.003`)
* [CVE-2022-46307](CVE-2022/CVE-2022-463xx/CVE-2022-46307.json) (`2023-06-02T11:15:09.730`)
* [CVE-2022-46308](CVE-2022/CVE-2022-463xx/CVE-2022-46308.json) (`2023-06-02T11:15:09.913`)
* [CVE-2022-47616](CVE-2022/CVE-2022-476xx/CVE-2022-47616.json) (`2023-06-02T11:15:09.997`)
* [CVE-2022-47617](CVE-2022/CVE-2022-476xx/CVE-2022-47617.json) (`2023-06-02T11:15:10.077`)
* [CVE-2023-25780](CVE-2023/CVE-2023-257xx/CVE-2023-25780.json) (`2023-06-02T11:15:10.157`)
* [CVE-2023-28698](CVE-2023/CVE-2023-286xx/CVE-2023-28698.json) (`2023-06-02T11:15:10.230`)
* [CVE-2023-28699](CVE-2023/CVE-2023-286xx/CVE-2023-28699.json) (`2023-06-02T11:15:10.297`)
* [CVE-2023-28700](CVE-2023/CVE-2023-287xx/CVE-2023-28700.json) (`2023-06-02T11:15:10.370`)
* [CVE-2023-28701](CVE-2023/CVE-2023-287xx/CVE-2023-28701.json) (`2023-06-02T11:15:10.443`)
* [CVE-2023-28702](CVE-2023/CVE-2023-287xx/CVE-2023-28702.json) (`2023-06-02T11:15:10.510`)
* [CVE-2023-28703](CVE-2023/CVE-2023-287xx/CVE-2023-28703.json) (`2023-06-02T11:15:10.580`)
* [CVE-2023-28704](CVE-2023/CVE-2023-287xx/CVE-2023-28704.json) (`2023-06-02T11:15:10.650`)
* [CVE-2023-28705](CVE-2023/CVE-2023-287xx/CVE-2023-28705.json) (`2023-06-02T11:15:10.720`)
* [CVE-2023-30602](CVE-2023/CVE-2023-306xx/CVE-2023-30602.json) (`2023-06-02T11:15:10.793`)
* [CVE-2023-30603](CVE-2023/CVE-2023-306xx/CVE-2023-30603.json) (`2023-06-02T11:15:10.863`)
* [CVE-2023-30604](CVE-2023/CVE-2023-306xx/CVE-2023-30604.json) (`2023-06-02T11:15:10.930`)
### CVEs modified in the last Commit