diff --git a/cves/2024/13xxx/CVE-2024-13105.json b/cves/2024/13xxx/CVE-2024-13105.json new file mode 100644 index 000000000000..80deb84f4041 --- /dev/null +++ b/cves/2024/13xxx/CVE-2024-13105.json @@ -0,0 +1,166 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-13105", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2025-01-01T08:50:29.524Z", + "datePublished": "2025-01-02T11:00:15.898Z", + "dateUpdated": "2025-01-02T11:00:15.898Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2025-01-02T11:00:15.898Z" + }, + "title": "D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-284", + "lang": "en", + "description": "Improper Access Controls" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-266", + "lang": "en", + "description": "Incorrect Privilege Assignment" + } + ] + } + ], + "affected": [ + { + "vendor": "D-Link", + "product": "DIR-816 A2", + "versions": [ + { + "version": "1.10CNB05_R1B011D88210", + "status": "affected" + } + ], + "modules": [ + "DHCPD Setting Handler" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "de", + "value": "In D-Link DIR-816 A2 1.10CNB05_R1B011D88210 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /goform/form2Dhcpd.cgi der Komponente DHCPD Setting Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" + } + } + ], + "timeline": [ + { + "time": "2025-01-01T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2025-01-01T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2025-01-01T09:55:48.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tutu (VulDB User)", + "type": "reporter" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.289921", + "name": "VDB-289921 | D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control", + "tags": [ + "vdb-entry" + ] + }, + { + "url": "https://vuldb.com/?ctiid.289921", + "name": "VDB-289921 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://vuldb.com/?submit.472085", + "name": "Submit #472085 | D-Link DIR-816 A2 v1.10 Improper Access Controls", + "tags": [ + "third-party-advisory" + ] + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Dhcpd.md", + "tags": [ + "exploit" + ] + }, + { + "url": "https://www.dlink.com/", + "tags": [ + "product" + ] + } + ], + "tags": [ + "unsupported-when-assigned" + ] + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index a4d36cbc6039..d3da9cf9a83b 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,12 +1,12 @@ { - "fetchTime": "2025-01-02T10:38:28.872Z", + "fetchTime": "2025-01-02T11:03:23.757Z", "numberOfChanges": 1, "new": [ { - "cveId": "CVE-2024-13104", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13104", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13104.json", - "dateUpdated": "2025-01-02T10:31:05.831Z" + "cveId": "CVE-2024-13105", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13105", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13105.json", + "dateUpdated": "2025-01-02T11:00:15.898Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index 0ff47c544057..69497e79e295 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,18 @@ [ + { + "fetchTime": "2025-01-02T11:03:23.757Z", + "numberOfChanges": 1, + "new": [ + { + "cveId": "CVE-2024-13105", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13105", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13105.json", + "dateUpdated": "2025-01-02T11:00:15.898Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2025-01-02T10:38:28.872Z", "numberOfChanges": 1,