From c2597212a3a4af64e120a427d63c538e7cb863d9 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 10 Mar 2024 09:03:25 +0000
Subject: [PATCH] Auto-Update: 2024-03-10T09:00:37.406712+00:00
---
CVE-2024/CVE-2024-23xx/CVE-2024-2353.json | 88 +++++++++++++++++++++++
README.md | 8 +--
_state.csv | 3 +-
3 files changed, 94 insertions(+), 5 deletions(-)
create mode 100644 CVE-2024/CVE-2024-23xx/CVE-2024-2353.json
diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2353.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2353.json
new file mode 100644
index 00000000000..32420620ce1
--- /dev/null
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2353.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-2353",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-03-10T08:15:05.920",
+ "lastModified": "2024-03-10T08:15:05.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": 
"cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.256313", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.256313", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 333f17ec221..6384c420591 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-10T07:00:37.994119+00:00 +2024-03-10T09:00:37.406712+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-10T05:15:06.570000+00:00 +2024-03-10T08:15:05.920000+00:00 ``` ### Last Data Feed Release @@ -29,14 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240942 +240943 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -* [CVE-2024-28757](CVE-2024/CVE-2024-287xx/CVE-2024-28757.json) (`2024-03-10T05:15:06.570`) +* [CVE-2024-2353](CVE-2024/CVE-2024-23xx/CVE-2024-2353.json) (`2024-03-10T08:15:05.920`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index b123a5810e3..41b1c4ebbbf 100644 --- a/_state.csv +++ b/_state.csv 
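Review bot: In CVE-2024-2353.json the CVSS data conflicts with the record's own first reference: `"privilegesRequired": "LOW"` (v3.1 `PR:L`, v2 `Au:S`) describes an authenticated attacker, while the linked write-up's file name says "unauthed rce". The record is still `"vulnStatus": "Received"` and both metric blocks are `"type": "Secondary"` from `cna@vuldb.com`, so the 8.8 score appears to be the CNA's assessment only. Consumers that triage on `baseScore` should treat 8.8 as provisional until the record is analysed. If the unauthenticated claim holds, the v3.1 vector would presumably be `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, which scores higher. The description names no fixed firmware version and says the vendor did not respond, so limiting network reach to the device's `/cgi-bin/cstecgi.cgi` endpoint looks like the only mitigation available from this record.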
@@ -239808,6 +239808,7 @@ CVE-2024-23517,0,0,e4bbedbc00468997609a0c9179822a4e7c082017c830cbf85558e35c31daa CVE-2024-23519,0,0,323d9800215ce0c9e36032433bafa6695128989b60bb35cada524fbfda63857e,2024-02-29T13:49:29.390000 CVE-2024-2352,0,0,b3572978026f02f658dedcfb604dde95cb554b87687641414ca2ed91b4f616de,2024-03-10T02:16:08.767000 CVE-2024-23525,0,0,d87ac004ae364b7188eb5b5618bc7a0354a8aea809beaa37863d308d19bc3d3a,2024-01-27T22:15:08.360000 +CVE-2024-2353,1,1,199439703042b51907315fda2af84dfcccbaf3e56cc37024aa797aa253aa9c64,2024-03-10T08:15:05.920000 CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000 @@ -240940,4 +240941,4 @@ CVE-2024-28229,0,0,7bfc3b59e790a5126732ec4d8d480f9938166a41475488b32e066c1e064cc CVE-2024-28230,0,0,3036aa70102b53b9cc695265dc4a11e5a4f5b8d26f6120835dbd1a9c3d93e7ec,2024-03-07T13:52:27.110000 CVE-2024-28753,0,0,125d1396e6c6b0e66335f7e7b1bd0a96847c075a3105c05c042d4fa16177854d,2024-03-09T00:15:59.923000 CVE-2024-28754,0,0,0369a848ec0f7eb40f27bf58345615a77048218f0bda34f00547c17f43514791,2024-03-09T00:15:59.987000 -CVE-2024-28757,1,1,d5994951713ab4e9a05b01d714d085684cbabebf0f7a6598ebf1bb3f34ed8616,2024-03-10T05:15:06.570000 +CVE-2024-28757,0,0,d5994951713ab4e9a05b01d714d085684cbabebf0f7a6598ebf1bb3f34ed8616,2024-03-10T05:15:06.570000