Auto-Update: 2024-03-10T09:00:37.406712+00:00

CVE-2024/CVE-2024-23xx/CVE-2024-2353.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-2353",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-10T08:15:05.920",
+  "lastModified": "2024-03-10T08:15:05.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.256313",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.256313",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-10T07:00:37.994119+00:00
+2024-03-10T09:00:37.406712+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-10T05:15:06.570000+00:00
+2024-03-10T08:15:05.920000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,14 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-240942
+240943
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-* [CVE-2024-28757](CVE-2024/CVE-2024-287xx/CVE-2024-28757.json) (`2024-03-10T05:15:06.570`)
+* [CVE-2024-2353](CVE-2024/CVE-2024-23xx/CVE-2024-2353.json) (`2024-03-10T08:15:05.920`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -239808,6 +239808,7 @@ CVE-2024-23517,0,0,e4bbedbc00468997609a0c9179822a4e7c082017c830cbf85558e35c31daa
 CVE-2024-23519,0,0,323d9800215ce0c9e36032433bafa6695128989b60bb35cada524fbfda63857e,2024-02-29T13:49:29.390000
 CVE-2024-2352,0,0,b3572978026f02f658dedcfb604dde95cb554b87687641414ca2ed91b4f616de,2024-03-10T02:16:08.767000
 CVE-2024-23525,0,0,d87ac004ae364b7188eb5b5618bc7a0354a8aea809beaa37863d308d19bc3d3a,2024-01-27T22:15:08.360000
+CVE-2024-2353,1,1,199439703042b51907315fda2af84dfcccbaf3e56cc37024aa797aa253aa9c64,2024-03-10T08:15:05.920000
 CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000
 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000
 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000
@@ -240940,4 +240941,4 @@ CVE-2024-28229,0,0,7bfc3b59e790a5126732ec4d8d480f9938166a41475488b32e066c1e064cc
 CVE-2024-28230,0,0,3036aa70102b53b9cc695265dc4a11e5a4f5b8d26f6120835dbd1a9c3d93e7ec,2024-03-07T13:52:27.110000
 CVE-2024-28753,0,0,125d1396e6c6b0e66335f7e7b1bd0a96847c075a3105c05c042d4fa16177854d,2024-03-09T00:15:59.923000
 CVE-2024-28754,0,0,0369a848ec0f7eb40f27bf58345615a77048218f0bda34f00547c17f43514791,2024-03-09T00:15:59.987000
-CVE-2024-28757,1,1,d5994951713ab4e9a05b01d714d085684cbabebf0f7a6598ebf1bb3f34ed8616,2024-03-10T05:15:06.570000
+CVE-2024-28757,0,0,d5994951713ab4e9a05b01d714d085684cbabebf0f7a6598ebf1bb3f34ed8616,2024-03-10T05:15:06.570000