diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8134.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8134.json new file mode 100644 index 00000000000..9d7a8d670c7 --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8134.json @@ -0,0 +1,152 @@ +{ + "id": "CVE-2024-8134", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T20:15:04.503", + "lastModified": "2024-08-24T20:15:04.503", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cna@vuldb.com", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_Std2R5_1st_DiskMGR of the file /cgi-bin/hd_config.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_1st_DiskMGR.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275705", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275705", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.396296", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4ef9a451b76..fd9b68066ec 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-24T20:00:16.926338+00:00 +2024-08-24T22:00:16.755004+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-24T19:15:05.963000+00:00 +2024-08-24T20:15:04.503000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261088 +261089 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2024-8131](CVE-2024/CVE-2024-81xx/CVE-2024-8131.json) (`2024-08-24T18:15:04.420`) -- [CVE-2024-8132](CVE-2024/CVE-2024-81xx/CVE-2024-8132.json) (`2024-08-24T18:15:04.727`) -- [CVE-2024-8133](CVE-2024/CVE-2024-81xx/CVE-2024-8133.json) (`2024-08-24T19:15:05.963`) +- [CVE-2024-8134](CVE-2024/CVE-2024-81xx/CVE-2024-8134.json) (`2024-08-24T20:15:04.503`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 63b2015787f..7915689485f 100644 --- a/_state.csv +++ b/_state.csv @@ -261084,6 +261084,7 @@ CVE-2024-8127,0,0,d1141915719639d4a45272a624f00fc8374c50578320b4ac97a3acb867c6e2 CVE-2024-8128,0,0,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000 CVE-2024-8129,0,0,a525d83bff2d07888612cdee3b31302c25c7465e185e8d7adf0935fbb9fcceaa,2024-08-24T16:15:04.057000 CVE-2024-8130,0,0,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb51,2024-08-24T17:15:03.290000 -CVE-2024-8131,1,1,20c710f19d9d755da6abb0b6cdc364aa07ce74f6e6bd39946f1725506ba77183,2024-08-24T18:15:04.420000 -CVE-2024-8132,1,1,c8871d198ab70f9db950df8031b66bd584c152c143118a2eb4e6abb910756de3,2024-08-24T18:15:04.727000 -CVE-2024-8133,1,1,943cb52df07d6f70b3f097830243c502e4670441c6eb14c80d5819b5d4d27e9e,2024-08-24T19:15:05.963000 +CVE-2024-8131,0,0,20c710f19d9d755da6abb0b6cdc364aa07ce74f6e6bd39946f1725506ba77183,2024-08-24T18:15:04.420000 +CVE-2024-8132,0,0,c8871d198ab70f9db950df8031b66bd584c152c143118a2eb4e6abb910756de3,2024-08-24T18:15:04.727000 +CVE-2024-8133,0,0,943cb52df07d6f70b3f097830243c502e4670441c6eb14c80d5819b5d4d27e9e,2024-08-24T19:15:05.963000 +CVE-2024-8134,1,1,a70532fb9cb95955f340f169abe5f8802bbdc93add6de472e54e68ee1b69157f,2024-08-24T20:15:04.503000