diff --git a/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json b/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json index 7850e09f013..36a5bf90085 100644 --- a/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json +++ b/CVE-2022/CVE-2022-238xx/CVE-2022-23854.json @@ -2,7 +2,7 @@ "id": "CVE-2022-23854", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-12-23T21:15:09.097", - "lastModified": "2023-11-07T03:44:20.427", + "lastModified": "2024-01-17T07:15:43.860", "vulnStatus": "Modified", "descriptions": [ { @@ -33,7 +33,7 @@ "impactScore": 3.6 }, { - "source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", + "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +66,7 @@ ] }, { - "source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", + "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { @@ -105,6 +105,10 @@ } ], "references": [ + { + "url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf", + "source": "ics-cert@hq.dhs.gov" + }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02", "source": "ics-cert@hq.dhs.gov", diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json new file mode 100644 index 00000000000..acd85e24ac9 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51719.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51719", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:45.650", + "lastModified": "2024-01-17T07:15:45.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json new file mode 100644 index 00000000000..94ef9d08898 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51720.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51720", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:46.597", + "lastModified": "2024-01-17T07:15:46.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json new file mode 100644 index 00000000000..852b1bcb661 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51721.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51721", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:47.207", + "lastModified": "2024-01-17T07:15:47.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json new file mode 100644 index 00000000000..c4aa5da2125 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51722.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51722", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:47.753", + "lastModified": "2024-01-17T07:15:47.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json new file mode 100644 index 00000000000..68a2115b6a0 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51723.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51723", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:48.370", + "lastModified": "2024-01-17T07:15:48.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json new file mode 100644 index 00000000000..0ab7ab66058 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51724.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51724", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:49.050", + "lastModified": "2024-01-17T07:15:49.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json new file mode 100644 index 00000000000..7633f8b89f0 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51725.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51725", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:49.690", + "lastModified": "2024-01-17T07:15:49.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json new file mode 100644 index 00000000000..1c94ef5c2fc --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51726.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51726", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:50.343", + "lastModified": "2024-01-17T07:15:50.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json new file mode 100644 index 00000000000..2e562738022 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51727.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51727", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:50.910", + "lastModified": "2024-01-17T07:15:50.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json new file mode 100644 index 00000000000..17a17b2731d --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51728.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51728", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:51.540", + "lastModified": "2024-01-17T07:15:51.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json new file mode 100644 index 00000000000..4e409b28d01 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51729.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51729", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:52.113", + "lastModified": "2024-01-17T07:15:52.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json new file mode 100644 index 00000000000..d3d929b8558 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51730.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51730", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:52.710", + "lastModified": "2024-01-17T07:15:52.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json new file mode 100644 index 00000000000..1475cb83394 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51731.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51731", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:53.290", + "lastModified": "2024-01-17T07:15:53.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json new file mode 100644 index 00000000000..1d05ff9b696 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51732.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51732", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T07:15:53.873", + "lastModified": "2024-01-17T07:15:53.873", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json new file mode 100644 index 00000000000..41902fb897c --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51733.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51733", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:36.110", + "lastModified": "2024-01-17T08:15:36.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json new file mode 100644 index 00000000000..48516cfc8e4 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51734.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51734", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:36.477", + "lastModified": "2024-01-17T08:15:36.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json new file mode 100644 index 00000000000..759a298ed0b --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51735.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51735", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:36.730", + "lastModified": "2024-01-17T08:15:36.730", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json new file mode 100644 index 00000000000..4cda153f90b --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51736.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51736", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:36.990", + "lastModified": "2024-01-17T08:15:36.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json new file mode 100644 index 00000000000..c5d1b71ed04 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51737.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51737", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:37.230", + "lastModified": "2024-01-17T08:15:37.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json new file mode 100644 index 00000000000..a1fcc67c217 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51738.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51738", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:37.487", + "lastModified": "2024-01-17T08:15:37.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json new file mode 100644 index 00000000000..8deb3996ec0 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51739.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51739", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:37.740", + "lastModified": "2024-01-17T08:15:37.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json new file mode 100644 index 00000000000..a81a61cf915 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51740.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51740", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:37.970", + "lastModified": "2024-01-17T08:15:37.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json new file mode 100644 index 00000000000..e953acccb79 --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51741.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51741", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:38.223", + "lastModified": "2024-01-17T08:15:38.223", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim\u2019s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json new file mode 100644 index 00000000000..4f75987cc7b --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51742.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51742", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:38.487", + "lastModified": "2024-01-17T08:15:38.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json new file mode 100644 index 00000000000..277d59ac11c --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51743.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51743", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-01-17T08:15:38.750", + "lastModified": "2024-01-17T08:15:38.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. \n\nSuccessful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json new file mode 100644 index 00000000000..838c1e3b142 --- /dev/null +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52285.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52285", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-17T08:15:39.013", + "lastModified": "2024-01-17T08:15:39.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://fh4ntke.medium.com/examsys-multiple-sql-injections-ef94d84e440c", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/lrx0014/ExamSys/commit/915024448428867f2228cf7f06abd1b6e65e9397", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1d09a4d53c9..ae4224f6b83 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-17T07:00:24.295150+00:00 +2024-01-17T09:00:25.365950+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-17T05:15:08.913000+00:00 +2024-01-17T08:15:39.013000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236178 +236204 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `26` -* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-17T05:15:08.913`) +* [CVE-2023-51720](CVE-2023/CVE-2023-517xx/CVE-2023-51720.json) (`2024-01-17T07:15:46.597`) +* [CVE-2023-51721](CVE-2023/CVE-2023-517xx/CVE-2023-51721.json) (`2024-01-17T07:15:47.207`) +* [CVE-2023-51722](CVE-2023/CVE-2023-517xx/CVE-2023-51722.json) (`2024-01-17T07:15:47.753`) +* [CVE-2023-51723](CVE-2023/CVE-2023-517xx/CVE-2023-51723.json) (`2024-01-17T07:15:48.370`) +* [CVE-2023-51724](CVE-2023/CVE-2023-517xx/CVE-2023-51724.json) (`2024-01-17T07:15:49.050`) +* [CVE-2023-51725](CVE-2023/CVE-2023-517xx/CVE-2023-51725.json) (`2024-01-17T07:15:49.690`) +* [CVE-2023-51726](CVE-2023/CVE-2023-517xx/CVE-2023-51726.json) (`2024-01-17T07:15:50.343`) +* [CVE-2023-51727](CVE-2023/CVE-2023-517xx/CVE-2023-51727.json) (`2024-01-17T07:15:50.910`) +* [CVE-2023-51728](CVE-2023/CVE-2023-517xx/CVE-2023-51728.json) (`2024-01-17T07:15:51.540`) +* [CVE-2023-51729](CVE-2023/CVE-2023-517xx/CVE-2023-51729.json) (`2024-01-17T07:15:52.113`) +* [CVE-2023-51730](CVE-2023/CVE-2023-517xx/CVE-2023-51730.json) (`2024-01-17T07:15:52.710`) +* [CVE-2023-51731](CVE-2023/CVE-2023-517xx/CVE-2023-51731.json) (`2024-01-17T07:15:53.290`) +* [CVE-2023-51732](CVE-2023/CVE-2023-517xx/CVE-2023-51732.json) (`2024-01-17T07:15:53.873`) +* [CVE-2023-51733](CVE-2023/CVE-2023-517xx/CVE-2023-51733.json) (`2024-01-17T08:15:36.110`) +* [CVE-2023-51734](CVE-2023/CVE-2023-517xx/CVE-2023-51734.json) (`2024-01-17T08:15:36.477`) +* [CVE-2023-51735](CVE-2023/CVE-2023-517xx/CVE-2023-51735.json) (`2024-01-17T08:15:36.730`) +* [CVE-2023-51736](CVE-2023/CVE-2023-517xx/CVE-2023-51736.json) (`2024-01-17T08:15:36.990`) +* [CVE-2023-51737](CVE-2023/CVE-2023-517xx/CVE-2023-51737.json) (`2024-01-17T08:15:37.230`) +* [CVE-2023-51738](CVE-2023/CVE-2023-517xx/CVE-2023-51738.json) (`2024-01-17T08:15:37.487`) +* [CVE-2023-51739](CVE-2023/CVE-2023-517xx/CVE-2023-51739.json) (`2024-01-17T08:15:37.740`) +* [CVE-2023-51740](CVE-2023/CVE-2023-517xx/CVE-2023-51740.json) (`2024-01-17T08:15:37.970`) +* [CVE-2023-51741](CVE-2023/CVE-2023-517xx/CVE-2023-51741.json) (`2024-01-17T08:15:38.223`) +* [CVE-2023-51742](CVE-2023/CVE-2023-517xx/CVE-2023-51742.json) (`2024-01-17T08:15:38.487`) +* [CVE-2023-51743](CVE-2023/CVE-2023-517xx/CVE-2023-51743.json) (`2024-01-17T08:15:38.750`) +* [CVE-2023-52285](CVE-2023/CVE-2023-522xx/CVE-2023-52285.json) (`2024-01-17T08:15:39.013`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2022-23854](CVE-2022/CVE-2022-238xx/CVE-2022-23854.json) (`2024-01-17T07:15:43.860`) ## Download and Usage