Auto-Update: 2024-04-27T22:00:38.011414+00:00

2025-05-30 10:10:41 +00:00 · 2024-04-27 22:03:27 +00:00 · 2024-04-27 22:03:27 +00:00 · bf4e48597d
commit bf4e48597d
parent ac2cc446c7
4 changed files with 198 additions and 7 deletions
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4291.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4291.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-4291",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-27T20:15:07.170",
+  "lastModified": "2024-04-27T20:15:07.170",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.262223",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.262223",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.320672",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4292.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4292.json
@ -0,0 +1,96 @@
+{
+  "id": "CVE-2024-4292",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-27T21:15:47.453",
+  "lastModified": "2024-04-27T21:15:47.453",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 6.1
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 6.5,
+        "impactScore": 6.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-404"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASER-B_backdoor.pcapng",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASRT_CVE_apply.pdf",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.262224",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.262224",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.320749",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-27T20:00:38.253854+00:00
+2024-04-27T22:00:38.011414+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-27T18:15:22.153000+00:00
+2024-04-27T21:15:47.453000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-246963
+246965
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2024-4291](CVE-2024/CVE-2024-42xx/CVE-2024-4291.json) (`2024-04-27T20:15:07.170`)
+- [CVE-2024-4292](CVE-2024/CVE-2024-42xx/CVE-2024-4292.json) (`2024-04-27T21:15:47.453`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2023-51704](CVE-2023/CVE-2023-517xx/CVE-2023-51704.json) (`2024-04-27T18:15:22.153`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -235973,7 +235973,7 @@ CVE-2023-5170,0,0,7d763d9e357db2860b84596cbc3f8dfddfeb1b7965a24427f290378d2c7135
 CVE-2023-51700,0,0,0fb4361c3b50dc59fe5d6e6a1d5e33e1c4369fe2e217835d374c53891e74c0e3,2024-01-04T16:55:39.650000
 CVE-2023-51701,0,0,1fc011a035fce3e67f00c46f94aa825bd2781b1e3ca5a19f818cc51e4de1cb4e,2024-01-11T17:33:45.077000
 CVE-2023-51702,0,0,860e40480f3adc58272519c138d01dff7df1b4e64fa34d909e3b769d20d7767e,2024-01-30T23:00:53.027000
-CVE-2023-51704,0,1,2e717c4180e0014e97da4e9885fe84225e8cf47a615375a830c4cdd134818a31,2024-04-27T18:15:22.153000
+CVE-2023-51704,0,0,2e717c4180e0014e97da4e9885fe84225e8cf47a615375a830c4cdd134818a31,2024-04-27T18:15:22.153000
 CVE-2023-51707,0,0,e295335afb38c927cfa680d549d901a9cc0a0dd98ab64af361ac66af3d1592c9,2024-01-09T20:07:58.863000
 CVE-2023-51708,0,0,863a3af7e2d76aebe513db0a9f2335334bcb9ea2a792766a29aa2a8a44379ddc,2024-01-09T15:52:37.997000
 CVE-2023-5171,0,0,913db5b04f4ceac9626806f4eb63dab596791968e32a0113d235f062fc82b34f,2023-10-12T02:52:09.820000
@ -246962,3 +246962,5 @@ CVE-2024-4252,0,0,425370b01235b5a72a19664ff47531a79c32ee2dd07da1d85c4b62183392ac
 CVE-2024-4255,0,0,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000
 CVE-2024-4256,0,0,9aae2a577ebf758e1c98bdb4c74a2b6a26ec76a10e9268085a4e889dfd55f5a2,2024-04-27T16:15:07.170000
 CVE-2024-4257,0,0,1a42e073c03689d5b2126a749fafc08d5e7c2c3c7dcaa82139edd37d740f3e62,2024-04-27T16:15:07.410000
+CVE-2024-4291,1,1,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000
+CVE-2024-4292,1,1,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000