Auto-Update: 2024-08-24T22:00:16.755004+00:00

CVE-2024/CVE-2024-81xx/CVE-2024-8134.json

@@ -0,0 +1,152 @@
+{
+  "id": "CVE-2024-8134",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-08-24T20:15:04.503",
+  "lastModified": "2024-08-24T20:15:04.503",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cna@vuldb.com",
+      "tags": [
+        "unsupported-when-assigned"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_Std2R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_1st_DiskMGR.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.275705",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.275705",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.396296",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.dlink.com/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-08-24T20:00:16.926338+00:00
+2024-08-24T22:00:16.755004+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-08-24T19:15:05.963000+00:00
+2024-08-24T20:15:04.503000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-261088
+261089
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `1`
 
-- [CVE-2024-8131](CVE-2024/CVE-2024-81xx/CVE-2024-8131.json) (`2024-08-24T18:15:04.420`)
-- [CVE-2024-8132](CVE-2024/CVE-2024-81xx/CVE-2024-8132.json) (`2024-08-24T18:15:04.727`)
-- [CVE-2024-8133](CVE-2024/CVE-2024-81xx/CVE-2024-8133.json) (`2024-08-24T19:15:05.963`)
+- [CVE-2024-8134](CVE-2024/CVE-2024-81xx/CVE-2024-8134.json) (`2024-08-24T20:15:04.503`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -261084,6 +261084,7 @@ CVE-2024-8127,0,0,d1141915719639d4a45272a624f00fc8374c50578320b4ac97a3acb867c6e2
 CVE-2024-8128,0,0,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000
 CVE-2024-8129,0,0,a525d83bff2d07888612cdee3b31302c25c7465e185e8d7adf0935fbb9fcceaa,2024-08-24T16:15:04.057000
 CVE-2024-8130,0,0,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb51,2024-08-24T17:15:03.290000
-CVE-2024-8131,1,1,20c710f19d9d755da6abb0b6cdc364aa07ce74f6e6bd39946f1725506ba77183,2024-08-24T18:15:04.420000
-CVE-2024-8132,1,1,c8871d198ab70f9db950df8031b66bd584c152c143118a2eb4e6abb910756de3,2024-08-24T18:15:04.727000
-CVE-2024-8133,1,1,943cb52df07d6f70b3f097830243c502e4670441c6eb14c80d5819b5d4d27e9e,2024-08-24T19:15:05.963000
+CVE-2024-8131,0,0,20c710f19d9d755da6abb0b6cdc364aa07ce74f6e6bd39946f1725506ba77183,2024-08-24T18:15:04.420000
+CVE-2024-8132,0,0,c8871d198ab70f9db950df8031b66bd584c152c143118a2eb4e6abb910756de3,2024-08-24T18:15:04.727000
+CVE-2024-8133,0,0,943cb52df07d6f70b3f097830243c502e4670441c6eb14c80d5819b5d4d27e9e,2024-08-24T19:15:05.963000
+CVE-2024-8134,1,1,a70532fb9cb95955f340f169abe5f8802bbdc93add6de472e54e68ee1b69157f,2024-08-24T20:15:04.503000