admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-88xx/CVE-2024-8881.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

355 lines
10 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-8881",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-11-12T02:15:18.817",
"lastModified": "2024-11-14T13:51:11.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos posterior a la autenticaci\u00f3n en el programa CGI en el firmware del conmutador Zyxel GS1900-48 versi\u00f3n V2.80(AAHN.1)C0 y anteriores podr\u00eda permitir que un atacante autenticado basado en LAN con privilegios de administrador ejecute algunos comandos del sistema operativo (OS) en un dispositivo afectado mediante el env\u00edo de una solicitud HTTP manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahh.0\\)c0",
"matchCriteriaId": "FDB5D07E-AAA1-439D-BC5F-CE005D328FF6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahi.0\\)c0",
"matchCriteriaId": "7C325177-8525-4E2F-9B81-EBA020E33619"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aazi.0\\)c0",
"matchCriteriaId": "ECA64741-0758-4745-AC9A-961B6B01EA20"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahj.0\\)c0",
"matchCriteriaId": "808A3620-BCAA-4D27-898F-66A3115BC9BE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahl.0\\)c0",
"matchCriteriaId": "8B91466E-3D14-4D3F-BAC8-A2AD013E4A1D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahk.0\\)c0",
"matchCriteriaId": "C670835A-A0FB-422B-8F42-8722A46E4A5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(abto.0\\)c0",
"matchCriteriaId": "A390C08B-2771-4C10-B25D-07F51A4D931A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(abtp.0\\)c0",
"matchCriteriaId": "DC00E9BF-64D5-409A-BE15-B9A01EA1C257"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(aahn.0\\)c0",
"matchCriteriaId": "631DAB84-4EF2-482E-A9D2-DAA39278B259"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.90\\(abtq.0\\)c0",
"matchCriteriaId": "61819161-7A19-4438-8343-7936DE1D237C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024",
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink