diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2856.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2856.json
new file mode 100644
index 00000000000..9cfe355f1d5
--- /dev/null
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2856.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-2856",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-03-24T07:15:08.140",
+ "lastModified": "2024-03-24T07:15:08.140",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.257780",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.257780",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 313acb2be1e..9ef763082b8 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-03-24T07:00:38.407535+00:00
+2024-03-24T09:00:38.176409+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-03-24T06:15:11.860000+00:00
+2024-03-24T07:15:08.140000+00:00
 ```
 ### Last Data Feed Release
@@ -29,17 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-242504
+242505
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `4`
+Recently added CVEs: `1`
-* [CVE-2024-2852](CVE-2024/CVE-2024-28xx/CVE-2024-2852.json) (`2024-03-24T05:15:09.160`)
-* [CVE-2024-2853](CVE-2024/CVE-2024-28xx/CVE-2024-2853.json) (`2024-03-24T05:15:10.517`)
-* [CVE-2024-2854](CVE-2024/CVE-2024-28xx/CVE-2024-2854.json) (`2024-03-24T06:15:08.633`)
-* [CVE-2024-2855](CVE-2024/CVE-2024-28xx/CVE-2024-2855.json) (`2024-03-24T06:15:11.860`)
+* [CVE-2024-2856](CVE-2024/CVE-2024-28xx/CVE-2024-2856.json) (`2024-03-24T07:15:08.140`)
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 241ba93af94..306da948f04 100644
--- a/_state.csv
+++ b/_state.csv
@@ -242302,17 +242302,18 @@ CVE-2024-28447,0,0,729795bf39bd106c71b5b798b10fa8f526cc5d6a6eb2785b0edfa8459a535
 CVE-2024-2849,0,0,e255554df31d5a2be5f1c68b740cace49b575f03af154cb1af4922f66122e90f,2024-03-23T18:15:07.770000
 CVE-2024-2850,0,0,4cd3be288e79bf59ffaa181573a0e5480a6cd00aa673c85dc83831b442015b08,2024-03-24T02:15:07.517000
 CVE-2024-2851,0,0,d34e2e3647fa65cf3dd6820b40a940187c5449577d5122f74010dc45e0fb545c,2024-03-24T03:15:09.177000
-CVE-2024-2852,1,1,a2fd2d6bcf9acd86b3a856901b4314c4a6b4ded19f0c394921168a3620466870,2024-03-24T05:15:09.160000
+CVE-2024-2852,0,0,a2fd2d6bcf9acd86b3a856901b4314c4a6b4ded19f0c394921168a3620466870,2024-03-24T05:15:09.160000
 CVE-2024-28521,0,0,8ab5b6bd1cc025dda03cab07eeddd7e1f81756c34e55025f1870bf6a0feb8a5b,2024-03-22T12:45:36.130000
-CVE-2024-2853,1,1,209548ae772857c426e415979a34bfe530867d834d8eab298ebde9ba9cef6b6a,2024-03-24T05:15:10.517000
+CVE-2024-2853,0,0,209548ae772857c426e415979a34bfe530867d834d8eab298ebde9ba9cef6b6a,2024-03-24T05:15:10.517000
 CVE-2024-28535,0,0,174c70ce71a26af929a40c7b6a103a5242ac3321f34f35a982d598e918b67152,2024-03-21T20:58:46.217000
 CVE-2024-28537,0,0,ff6bf2a37289dca28bccb57e311acb6479e1a577841d298af6b3b484403dfc2c,2024-03-18T19:40:00.173000
-CVE-2024-2854,1,1,569e4fa03b03fffc6e63cd6b0751993d8e2bb20aa3a8c72ba9b45e76a0e64585,2024-03-24T06:15:08.633000
+CVE-2024-2854,0,0,569e4fa03b03fffc6e63cd6b0751993d8e2bb20aa3a8c72ba9b45e76a0e64585,2024-03-24T06:15:08.633000
 CVE-2024-28547,0,0,a2de8a258b087cbf7c5442c921d96afce5895db417e9c628fe7656334d2bb7cc,2024-03-18T19:40:00.173000
-CVE-2024-2855,1,1,b5e203d28165ea1ab596ac548db93f74ba22ae294eece4f41f8475f60ad83b87,2024-03-24T06:15:11.860000
+CVE-2024-2855,0,0,b5e203d28165ea1ab596ac548db93f74ba22ae294eece4f41f8475f60ad83b87,2024-03-24T06:15:11.860000
 CVE-2024-28550,0,0,55b413fc03c0e6dbaa5c4b6ccf0c8e244ea995bce860e043c8086ce78f470aae,2024-03-18T19:40:00.173000
 CVE-2024-28553,0,0,f74a5d2edd657e610cfc2b884ed1530d128afd106cc0a285c1f4868830f65cd2,2024-03-21T20:58:52.357000
 CVE-2024-28559,0,0,0614f972b1018fef175a5be020062e1808da1307fa27e18c6ccd6df48da36c98,2024-03-22T12:45:36.130000
+CVE-2024-2856,1,1,496019dc5da10cf34c9931986d65655b9f90c6e1eaeec21ae011e4c36dc9c4b1,2024-03-24T07:15:08.140000
 CVE-2024-28560,0,0,71f09d4b510ed852efc3bf9ad75f579a4bfcb9f31e97c96f2bbf400031737ddc,2024-03-22T12:45:36.130000
 CVE-2024-28562,0,0,91433a4c4f462713402770533ad7f25e56b67cc00fab70587df3692124b0273d,2024-03-20T13:00:16.367000
 CVE-2024-28563,0,0,a656ef0aa8710291541ea7c711ec135274e970f2c247f821eefbeaee78f8b4d1,2024-03-20T13:00:16.367000