From 9b44721c8434c1ece91dc3747fe62f43acc7adb7 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Thu, 2 Jan 2025 10:08:39 +0000 Subject: [PATCH] 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2024-13103 - 0 updated CVEs: --- cves/2024/13xxx/CVE-2024-13103.json | 166 ++++++++++++++++++++++++++++ cves/delta.json | 10 +- cves/deltaLog.json | 61 +++------- 3 files changed, 185 insertions(+), 52 deletions(-) create mode 100644 cves/2024/13xxx/CVE-2024-13103.json diff --git a/cves/2024/13xxx/CVE-2024-13103.json b/cves/2024/13xxx/CVE-2024-13103.json new file mode 100644 index 000000000000..812788db58c3 --- /dev/null +++ b/cves/2024/13xxx/CVE-2024-13103.json @@ -0,0 +1,166 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-13103", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2025-01-01T08:50:23.976Z", + "datePublished": "2025-01-02T10:00:19.082Z", + "dateUpdated": "2025-01-02T10:00:19.082Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2025-01-02T10:00:19.082Z" + }, + "title": "D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-284", + "lang": "en", + "description": "Improper Access Controls" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-266", + "lang": "en", + "description": "Incorrect Privilege Assignment" + } + ] + } + ], + "affected": [ + { + "vendor": "D-Link", + "product": "DIR-816 A2", + "versions": [ + { + "version": "1.10CNB05_R1B011D88210", + "status": "affected" + } + ], + "modules": [ + "Virtual Service Handler" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "de", + "value": "Eine Schwachstelle wurde in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/form2AddVrtsrv.cgi der Komponente Virtual Service Handler. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" + } + } + ], + "timeline": [ + { + "time": "2025-01-01T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2025-01-01T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2025-01-01T09:55:45.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_backup (VulDB User)", + "type": "reporter" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.289919", + "name": "VDB-289919 | D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control", + "tags": [ + "vdb-entry" + ] + }, + { + "url": "https://vuldb.com/?ctiid.289919", + "name": "VDB-289919 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://vuldb.com/?submit.472075", + "name": "Submit #472075 | D-Link DIR-816 A2 v1.10 Improper Access Controls", + "tags": [ + "third-party-advisory" + ] + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2AddVrtsrv.md", + "tags": [ + "exploit" + ] + }, + { + "url": "https://www.dlink.com/", + "tags": [ + "product" + ] + } + ], + "tags": [ + "unsupported-when-assigned" + ] + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index cedbc032cb67..67c146bf957f 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,12 +1,12 @@ { - "fetchTime": "2025-01-02T09:34:50.704Z", + "fetchTime": "2025-01-02T10:08:26.801Z", "numberOfChanges": 1, "new": [ { - "cveId": "CVE-2024-13102", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13102", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13102.json", - "dateUpdated": "2025-01-02T09:31:05.191Z" + "cveId": "CVE-2024-13103", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13103", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13103.json", + "dateUpdated": "2025-01-02T10:00:19.082Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index d5d3c3c40122..0feb3aa4690f 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,18 @@ [ + { + "fetchTime": "2025-01-02T10:08:26.801Z", + "numberOfChanges": 1, + "new": [ + { + "cveId": "CVE-2024-13103", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13103", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13103.json", + "dateUpdated": "2025-01-02T10:00:19.082Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2025-01-02T09:34:50.704Z", "numberOfChanges": 1, @@ -116521,52 +116535,5 @@ ], "updated": [], "error": [] - }, - { - "fetchTime": "2024-12-03T10:03:51.538Z", - "numberOfChanges": 2, - "new": [ - { - "cveId": "CVE-2024-47476", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-47476", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/47xxx/CVE-2024-47476.json", - "dateUpdated": "2024-12-03T09:59:07.362Z" - } - ], - "updated": [ - { - "cveId": "CVE-2024-45106", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45106", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45106.json", - "dateUpdated": "2024-12-03T10:03:38.771Z" - } - ], - "error": [] - }, - { - "fetchTime": "2024-12-03T09:39:30.378Z", - "numberOfChanges": 3, - "new": [ - { - "cveId": "CVE-2024-11325", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11325", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11325.json", - "dateUpdated": "2024-12-03T09:32:00.451Z" - }, - { - "cveId": "CVE-2024-11782", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11782", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11782.json", - "dateUpdated": "2024-12-03T09:32:01.713Z" - }, - { - "cveId": "CVE-2024-12062", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12062", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12062.json", - "dateUpdated": "2024-12-03T09:32:01.188Z" - } - ], - "updated": [], - "error": [] } ] \ No newline at end of file