Auto-Update: 2024-04-27T16:00:37.895735+00:00

2025-05-30 10:10:41 +00:00 · 2024-04-27 16:03:27 +00:00 · 2024-04-27 16:03:27 +00:00 · b9ba3fa914
commit b9ba3fa914
parent 7ee559615a
4 changed files with 196 additions and 12 deletions
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4252.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4252.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-4252",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-27T14:15:07.067",
+  "lastModified": "2024-04-27T14:15:07.067",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i22/formSetUrlFilterRule.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.262143",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.262143",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.319840",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4255.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4255.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-4255",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-27T15:15:06.437",
+  "lastModified": "2024-04-27T15:15:06.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "MULTIPLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.8
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 6.4,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/h0e4a0r1t/g-hdkyyf7L-Z8-5v/blob/main/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-gre_edit_commit.php.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.262145",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.262145",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.319820",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-27T14:00:38.032924+00:00
+2024-04-27T16:00:37.895735+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-27T13:15:09.850000+00:00
+2024-04-27T15:15:06.437000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-246959
+246961
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

- [CVE-2024-25048](CVE-2024/CVE-2024-250xx/CVE-2024-25048.json) (`2024-04-27T12:15:10.517`)
- [CVE-2024-4249](CVE-2024/CVE-2024-42xx/CVE-2024-4249.json) (`2024-04-27T12:15:10.740`)
- [CVE-2024-4250](CVE-2024/CVE-2024-42xx/CVE-2024-4250.json) (`2024-04-27T12:15:10.963`)
- [CVE-2024-4251](CVE-2024/CVE-2024-42xx/CVE-2024-4251.json) (`2024-04-27T13:15:09.850`)
+- [CVE-2024-4252](CVE-2024/CVE-2024-42xx/CVE-2024-4252.json) (`2024-04-27T14:15:07.067`)
+- [CVE-2024-4255](CVE-2024/CVE-2024-42xx/CVE-2024-4255.json) (`2024-04-27T15:15:06.437`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -242556,7 +242556,7 @@ CVE-2024-25029,0,0,d48a17c1d5ef1bfa6fbe7d5b73144f127d39825001bfd50aa27289e6a7875
 CVE-2024-25030,0,0,fc3de3fd573e21787e1c0bdd960fb3a4c590b360d40ba7c7d9e34380b9c90bde,2024-04-03T17:24:18.150000
 CVE-2024-2504,0,0,b952b345d554f248180cfc37dd33de3d29aef92bb40f82f2454b4ee2e2c1523d,2024-04-10T13:23:38.787000
 CVE-2024-25046,0,0,64b67efbc5b2947bdef146aee983b6003b7daa23659b2bfe93519b90947330ac,2024-04-03T17:24:18.150000
-CVE-2024-25048,1,1,f98b5f829311c9c9a726d02cd66b8a93a4755ae4aa235bf4cd2af7701d9667d0,2024-04-27T12:15:10.517000
+CVE-2024-25048,0,0,f98b5f829311c9c9a726d02cd66b8a93a4755ae4aa235bf4cd2af7701d9667d0,2024-04-27T12:15:10.517000
 CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955756,2024-02-13T00:40:40.503000
 CVE-2024-25063,0,0,ada8a3e76748f7f6ba8d6378c081423ac8f962f095964d00e876ad6b7009736e,2024-03-04T22:45:02.117000
 CVE-2024-25064,0,0,1c648660fe74d25bd4bc9587030796b3cc77cb44c915d4df3e4024ac11525ccf,2024-03-04T22:43:15.337000
@ -246955,6 +246955,8 @@ CVE-2024-4245,0,0,a58bcafe50a11707fd6722bf4d9ade7a08a4043c6956281df8ce202e884f61
 CVE-2024-4246,0,0,4beda2b7e903ea592966095d5bc9a339f6323a8e49138b419198977f6b45ee00,2024-04-27T09:15:09.307000
 CVE-2024-4247,0,0,b24cddbd7ad05266f8fd7b07ce980f1eceffbf5d124990a47c313a857dc708c3,2024-04-27T10:15:08.730000
 CVE-2024-4248,0,0,b64a59e931628b50e5be8940c7ffe82887ab2dc33653b6598bc1bbcda53ef641,2024-04-27T11:15:06.500000
-CVE-2024-4249,1,1,d46edcb69b256943f9afeb3eda8cff2f302aaf23ca96ab9f334b49b8885ce130,2024-04-27T12:15:10.740000
-CVE-2024-4250,1,1,3a817a5a241d5a69c3fe84967bbd27afa5e95343705c783a0d160691d5c6ba51,2024-04-27T12:15:10.963000
-CVE-2024-4251,1,1,80fd93fb173defc106399db70233b4682cf54c5e424c46337e7c5f8b4c5ac241,2024-04-27T13:15:09.850000
+CVE-2024-4249,0,0,d46edcb69b256943f9afeb3eda8cff2f302aaf23ca96ab9f334b49b8885ce130,2024-04-27T12:15:10.740000
+CVE-2024-4250,0,0,3a817a5a241d5a69c3fe84967bbd27afa5e95343705c783a0d160691d5c6ba51,2024-04-27T12:15:10.963000
+CVE-2024-4251,0,0,80fd93fb173defc106399db70233b4682cf54c5e424c46337e7c5f8b4c5ac241,2024-04-27T13:15:09.850000
+CVE-2024-4252,1,1,425370b01235b5a72a19664ff47531a79c32ee2dd07da1d85c4b62183392acbc,2024-04-27T14:15:07.067000
+CVE-2024-4255,1,1,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000