Update CVE and NVD data

CloudSecurityAlliance · Mar 3, 2024 · 0291a24 · 0291a24
1 parent affb47e
commit 0291a24
Show file tree

Hide file tree

Showing 127 changed files with 13,960 additions and 257 deletions.
diff --git a/2021/31xxx/GSD-2021-31152.json b/2021/31xxx/GSD-2021-31152.json
@@ -88,139 +88,146 @@
             "name": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html",
             "refsource": "MISC",
             "url": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html"
+          },
+          {
+            "name": "20240302 Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945",
+            "refsource": "FULLDISC",
+            "url": "http://seclists.org/fulldisclosure/2024/Mar/1"
           }
         ]
       }
     },
     "nvd.nist.gov": {
-      "configurations": {
-        "CVE_data_version": "4.0",
-        "nodes": [
+      "cve": {
+        "configurations": [
           {
-            "children": [
+            "nodes": [
               {
-                "children": [],
-                "cpe_match": [
+                "cpeMatch": [
                   {
-                    "cpe23Uri": "cpe:2.3:o:multilaser:ac1200_re018_firmware:v02.03.01.45_pt:*:*:*:*:*:*:*",
-                    "cpe_name": [],
+                    "criteria": "cpe:2.3:o:multilaser:ac1200_re018_firmware:v02.03.01.45_pt:*:*:*:*:*:*:*",
+                    "matchCriteriaId": "2BFD13C8-F6B9-41D5-A465-470C550CF35C",
                     "vulnerable": true
                   }
                 ],
+                "negate": false,
                 "operator": "OR"
               },
               {
-                "children": [],
-                "cpe_match": [
+                "cpeMatch": [
                   {
-                    "cpe23Uri": "cpe:2.3:h:multilaser:ac1200_re018:-:*:*:*:*:*:*:*",
-                    "cpe_name": [],
+                    "criteria": "cpe:2.3:h:multilaser:ac1200_re018:-:*:*:*:*:*:*:*",
+                    "matchCriteriaId": "6D7EA424-365A-48E8-8D4E-B8D2FDE72983",
                     "vulnerable": false
                   }
                 ],
+                "negate": false,
                 "operator": "OR"
               }
             ],
-            "cpe_match": [],
             "operator": "AND"
           }
-        ]
-      },
-      "cve": {
-        "CVE_data_meta": {
-          "ASSIGNER": "cve@mitre.org",
-          "ID": "CVE-2021-31152"
-        },
-        "data_format": "MITRE",
-        "data_type": "CVE",
-        "data_version": "4.0",
-        "description": {
-          "description_data": [
+        ],
+        "descriptions": [
+          {
+            "lang": "en",
+            "value": "Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers."
+          },
+          {
+            "lang": "es",
+            "value": "Multilaser Router AC1200 versi\u00f3n V02.03.01.45_pt contiene una vulnerabilidad de tipo cross-site request forgery (CSRF).&#xa0;Un atacante puede habilitar el acceso remoto, cambiar contrase\u00f1as y llevar a cabo otras acciones por medio de peticiones, entradas y encabezados configurados inapropiadamente"
+          }
+        ],
+        "id": "CVE-2021-31152",
+        "lastModified": "2024-03-03T02:15:49.407",
+        "metrics": {
+          "cvssMetricV2": [
             {
-              "lang": "en",
-              "value": "Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers."
+              "acInsufInfo": false,
+              "baseSeverity": "MEDIUM",
+              "cvssData": {
+                "accessComplexity": "MEDIUM",
+                "accessVector": "NETWORK",
+                "authentication": "NONE",
+                "availabilityImpact": "PARTIAL",
+                "baseScore": 6.8,
+                "confidentialityImpact": "PARTIAL",
+                "integrityImpact": "PARTIAL",
+                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+                "version": "2.0"
+              },
+              "exploitabilityScore": 8.6,
+              "impactScore": 6.4,
+              "obtainAllPrivilege": false,
+              "obtainOtherPrivilege": false,
+              "obtainUserPrivilege": false,
+              "source": "nvd@nist.gov",
+              "type": "Primary",
+              "userInteractionRequired": true
             }
-          ]
-        },
-        "problemtype": {
-          "problemtype_data": [
+          ],
+          "cvssMetricV31": [
             {
-              "description": [
-                {
-                  "lang": "en",
-                  "value": "CWE-352"
-                }
-              ]
+              "cvssData": {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "HIGH",
+                "baseScore": 8.8,
+                "baseSeverity": "HIGH",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "HIGH",
+                "privilegesRequired": "NONE",
+                "scope": "UNCHANGED",
+                "userInteraction": "REQUIRED",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+                "version": "3.1"
+              },
+              "exploitabilityScore": 2.8,
+              "impactScore": 5.9,
+              "source": "nvd@nist.gov",
+              "type": "Primary"
             }
           ]
         },
-        "references": {
-          "reference_data": [
-            {
-              "name": "https://www.youtube.com/watch?v=zN3DVrcu6Eg",
-              "refsource": "MISC",
-              "tags": [
-                "Exploit",
-                "Third Party Advisory"
-              ],
-              "url": "https://www.youtube.com/watch?v=zN3DVrcu6Eg"
-            },
-            {
-              "name": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html",
-              "refsource": "MISC",
-              "tags": [
-                "Exploit",
-                "Third Party Advisory",
-                "VDB Entry"
-              ],
-              "url": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html"
-            }
-          ]
-        }
-      },
-      "impact": {
-        "baseMetricV2": {
-          "acInsufInfo": false,
-          "cvssV2": {
-            "accessComplexity": "MEDIUM",
-            "accessVector": "NETWORK",
-            "authentication": "NONE",
-            "availabilityImpact": "PARTIAL",
-            "baseScore": 6.8,
-            "confidentialityImpact": "PARTIAL",
-            "integrityImpact": "PARTIAL",
-            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
-            "version": "2.0"
+        "published": "2021-04-14T14:15:14.210",
+        "references": [
+          {
+            "source": "cve@mitre.org",
+            "tags": [
+              "Exploit",
+              "Third Party Advisory",
+              "VDB Entry"
+            ],
+            "url": "http://packetstormsecurity.com/files/162258/Multilaser-Router-RE018-AC1200-Cross-Site-Request-Forgery.html"
           },
-          "exploitabilityScore": 8.6,
-          "impactScore": 6.4,
-          "obtainAllPrivilege": false,
-          "obtainOtherPrivilege": false,
-          "obtainUserPrivilege": false,
-          "severity": "MEDIUM",
-          "userInteractionRequired": true
-        },
-        "baseMetricV3": {
-          "cvssV3": {
-            "attackComplexity": "LOW",
-            "attackVector": "NETWORK",
-            "availabilityImpact": "HIGH",
-            "baseScore": 8.8,
-            "baseSeverity": "HIGH",
-            "confidentialityImpact": "HIGH",
-            "integrityImpact": "HIGH",
-            "privilegesRequired": "NONE",
-            "scope": "UNCHANGED",
-            "userInteraction": "REQUIRED",
-            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
-            "version": "3.1"
+          {
+            "source": "cve@mitre.org",
+            "url": "http://seclists.org/fulldisclosure/2024/Mar/1"
           },
-          "exploitabilityScore": 2.8,
-          "impactScore": 5.9
-        }
-      },
-      "lastModifiedDate": "2021-06-28T14:45Z",
-      "publishedDate": "2021-04-14T14:15Z"
+          {
+            "source": "cve@mitre.org",
+            "tags": [
+              "Exploit",
+              "Third Party Advisory"
+            ],
+            "url": "https://www.youtube.com/watch?v=zN3DVrcu6Eg"
+          }
+        ],
+        "sourceIdentifier": "cve@mitre.org",
+        "vulnStatus": "Modified",
+        "weaknesses": [
+          {
+            "description": [
+              {
+                "lang": "en",
+                "value": "CWE-352"
+              }
+            ],
+            "source": "nvd@nist.gov",
+            "type": "Primary"
+          }
+        ]
+      }
     }
   }
 }