Skip to content

Commit

Permalink
1 changes (1 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 1 new CVEs:  CVE-2024-13130
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Jan 5, 2025
1 parent 3fa9734 commit b1dd148
Show file tree
Hide file tree
Showing 3 changed files with 215 additions and 1,249 deletions.
196 changes: 196 additions & 0 deletions cves/2024/13xxx/CVE-2024-13130.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,196 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-13130",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2025-01-04T09:11:19.926Z",
"datePublished": "2025-01-05T01:00:12.751Z",
"dateUpdated": "2025-01-05T01:00:12.751Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-01-05T01:00:12.751Z"
},
"title": "Dahua IPC-HFW1200S Web Interface Sha1Account1 path traversal",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-24",
"lang": "en",
"description": "Path Traversal: '../filedir'"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-23",
"lang": "en",
"description": "Relative Path Traversal"
}
]
}
],
"affected": [
{
"vendor": "Dahua",
"product": "IPC-HFW1200S",
"versions": [
{
"version": "20241222",
"status": "affected"
}
],
"modules": [
"Web Interface"
]
},
{
"vendor": "Dahua",
"product": "IPC-HFW2300R-Z",
"versions": [
{
"version": "20241222",
"status": "affected"
}
],
"modules": [
"Web Interface"
]
},
{
"vendor": "Dahua",
"product": "IPC-HFW5220E-Z",
"versions": [
{
"version": "20241222",
"status": "affected"
}
],
"modules": [
"Web Interface"
]
},
{
"vendor": "Dahua",
"product": "IPC-HDW1200S",
"versions": [
{
"version": "20241222",
"status": "affected"
}
],
"modules": [
"Web Interface"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S bis 20241222 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei ../mtd/Config/Sha1Account1 der Komponente Web Interface. Mit der Manipulation mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 5.3,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
}
}
],
"timeline": [
{
"time": "2025-01-04T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-01-04T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-01-04T10:16:40.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "netsecfish (VulDB User)",
"type": "reporter"
}
],
"references": [
{
"url": "https://vuldb.com/?id.290204",
"name": "VDB-290204 | Dahua IPC-HFW1200S Web Interface Sha1Account1 path traversal",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/?ctiid.290204",
"name": "VDB-290204 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.464260",
"name": "Submit #464260 | IntelBras IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z, IPC-HDW1200S, VIP S3020 G2, VIP S4020 G2, VIP S4320 G2, VIP S4020 G3 WebVersion: 3.2.1.225946; WebVersion: 3.2.1.291804 Path Traversal",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4",
"tags": [
"exploit"
]
}
]
}
}
}
10 changes: 5 additions & 5 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
{
"fetchTime": "2025-01-04T17:05:20.697Z",
"fetchTime": "2025-01-05T01:03:06.970Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2025-0214",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-0214",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/0xxx/CVE-2025-0214.json",
"dateUpdated": "2025-01-04T17:00:16.807Z"
"cveId": "CVE-2024-13130",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13130",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13130.json",
"dateUpdated": "2025-01-05T01:00:12.751Z"
}
],
"updated": [],
Expand Down
Loading

0 comments on commit b1dd148

Please sign in to comment.