Auto-Update: 2024-03-24T09:00:38.176409+00:00

2025-07-09 16:05:11 +00:00 · 2024-03-24 09:03:26 +00:00 · 2024-03-24 09:03:26 +00:00 · cc9a8e081c
commit cc9a8e081c
parent 76e20a19cf
3 changed files with 98 additions and 12 deletions
--- a/CVE-2024/CVE-2024-28xx/CVE-2024-2856.json
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2856.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-2856",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-24T07:15:08.140",
+  "lastModified": "2024-03-24T07:15:08.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.257780",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.257780",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-24T07:00:38.407535+00:00
+2024-03-24T09:00:38.176409+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-24T06:15:11.860000+00:00
+2024-03-24T07:15:08.140000+00:00
 ```

 ### Last Data Feed Release
@ -29,17 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-242504
+242505
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `1`

-* [CVE-2024-2852](CVE-2024/CVE-2024-28xx/CVE-2024-2852.json) (`2024-03-24T05:15:09.160`)
-* [CVE-2024-2853](CVE-2024/CVE-2024-28xx/CVE-2024-2853.json) (`2024-03-24T05:15:10.517`)
-* [CVE-2024-2854](CVE-2024/CVE-2024-28xx/CVE-2024-2854.json) (`2024-03-24T06:15:08.633`)
-* [CVE-2024-2855](CVE-2024/CVE-2024-28xx/CVE-2024-2855.json) (`2024-03-24T06:15:11.860`)
+* [CVE-2024-2856](CVE-2024/CVE-2024-28xx/CVE-2024-2856.json) (`2024-03-24T07:15:08.140`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -242302,17 +242302,18 @@ CVE-2024-28447,0,0,729795bf39bd106c71b5b798b10fa8f526cc5d6a6eb2785b0edfa8459a535
 CVE-2024-2849,0,0,e255554df31d5a2be5f1c68b740cace49b575f03af154cb1af4922f66122e90f,2024-03-23T18:15:07.770000
 CVE-2024-2850,0,0,4cd3be288e79bf59ffaa181573a0e5480a6cd00aa673c85dc83831b442015b08,2024-03-24T02:15:07.517000
 CVE-2024-2851,0,0,d34e2e3647fa65cf3dd6820b40a940187c5449577d5122f74010dc45e0fb545c,2024-03-24T03:15:09.177000
-CVE-2024-2852,1,1,a2fd2d6bcf9acd86b3a856901b4314c4a6b4ded19f0c394921168a3620466870,2024-03-24T05:15:09.160000
+CVE-2024-2852,0,0,a2fd2d6bcf9acd86b3a856901b4314c4a6b4ded19f0c394921168a3620466870,2024-03-24T05:15:09.160000
 CVE-2024-28521,0,0,8ab5b6bd1cc025dda03cab07eeddd7e1f81756c34e55025f1870bf6a0feb8a5b,2024-03-22T12:45:36.130000
-CVE-2024-2853,1,1,209548ae772857c426e415979a34bfe530867d834d8eab298ebde9ba9cef6b6a,2024-03-24T05:15:10.517000
+CVE-2024-2853,0,0,209548ae772857c426e415979a34bfe530867d834d8eab298ebde9ba9cef6b6a,2024-03-24T05:15:10.517000
 CVE-2024-28535,0,0,174c70ce71a26af929a40c7b6a103a5242ac3321f34f35a982d598e918b67152,2024-03-21T20:58:46.217000
 CVE-2024-28537,0,0,ff6bf2a37289dca28bccb57e311acb6479e1a577841d298af6b3b484403dfc2c,2024-03-18T19:40:00.173000
-CVE-2024-2854,1,1,569e4fa03b03fffc6e63cd6b0751993d8e2bb20aa3a8c72ba9b45e76a0e64585,2024-03-24T06:15:08.633000
+CVE-2024-2854,0,0,569e4fa03b03fffc6e63cd6b0751993d8e2bb20aa3a8c72ba9b45e76a0e64585,2024-03-24T06:15:08.633000
 CVE-2024-28547,0,0,a2de8a258b087cbf7c5442c921d96afce5895db417e9c628fe7656334d2bb7cc,2024-03-18T19:40:00.173000
-CVE-2024-2855,1,1,b5e203d28165ea1ab596ac548db93f74ba22ae294eece4f41f8475f60ad83b87,2024-03-24T06:15:11.860000
+CVE-2024-2855,0,0,b5e203d28165ea1ab596ac548db93f74ba22ae294eece4f41f8475f60ad83b87,2024-03-24T06:15:11.860000
 CVE-2024-28550,0,0,55b413fc03c0e6dbaa5c4b6ccf0c8e244ea995bce860e043c8086ce78f470aae,2024-03-18T19:40:00.173000
 CVE-2024-28553,0,0,f74a5d2edd657e610cfc2b884ed1530d128afd106cc0a285c1f4868830f65cd2,2024-03-21T20:58:52.357000
 CVE-2024-28559,0,0,0614f972b1018fef175a5be020062e1808da1307fa27e18c6ccd6df48da36c98,2024-03-22T12:45:36.130000
+CVE-2024-2856,1,1,496019dc5da10cf34c9931986d65655b9f90c6e1eaeec21ae011e4c36dc9c4b1,2024-03-24T07:15:08.140000
 CVE-2024-28560,0,0,71f09d4b510ed852efc3bf9ad75f579a4bfcb9f31e97c96f2bbf400031737ddc,2024-03-22T12:45:36.130000
 CVE-2024-28562,0,0,91433a4c4f462713402770533ad7f25e56b67cc00fab70587df3692124b0273d,2024-03-20T13:00:16.367000
 CVE-2024-28563,0,0,a656ef0aa8710291541ea7c711ec135274e970f2c247f821eefbeaee78f8b4d1,2024-03-20T13:00:16.367000