{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4301", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-04-29T03:23:13.243Z", "datePublished": "2024-04-29T04:01:24.051Z", "dateUpdated": "2024-08-01T20:33:53.191Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "N-Reporter firmware", "vendor": "N-Partner", "versions": [{"lessThan": "6.1.187", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "N-Cloud firmware", "vendor": "N-Partner", "versions": [{"lessThan": "6.1.187", "status": "affected", "version": "earlier", "versionType": "custom"}]}], "datePublic": "2024-04-29T03:57:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page."}], "value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-04-29T04:01:24.051Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Firmware to 6.1.187 (20240216-1603) or later version"}], "value": "Update Firmware to 6.1.187 (20240216-1603) or later version"}], "source": {"advisory": "TVN-202404012", "discovery": "EXTERNAL"}, "title": "N-Reporter and N-Cloud from N-Partner - Os Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T14:55:10.560617Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:n-partner:n-reporter_firmware:-:*:*:*:*:*:*:*"], "vendor": "n-partner", "product": "n-reporter_firmware", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:n-partner:n-cloud_firmware:-:*:*:*:*:*:*:*"], "vendor": "n-partner", "product": "n-cloud_firmware", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:54:15.243Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.191Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.191Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T14:55:10.560617Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:n-partner:n-reporter_firmware:-:*:*:*:*:*:*:*"], "vendor": "n-partner", "product": "n-reporter_firmware", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:n-partner:n-cloud_firmware:-:*:*:*:*:*:*:*"], "vendor": "n-partner", "product": "n-cloud_firmware", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T15:11:46.325Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "N-Reporter and N-Cloud from N-Partner - Os Command Injection", "source": {"advisory": "TVN-202404012", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N-Partner", "product": "N-Reporter firmware", "versions": [{"status": "affected", "version": "earlier", "lessThan": "6.1.187", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "N-Partner", "product": "N-Cloud firmware", "versions": [{"status": "affected", "version": "earlier", "lessThan": "6.1.187", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Firmware to 6.1.187 (20240216-1603) or later version", "supportingMedia": [{"type": "text/html", "value": "Update Firmware to 6.1.187 (20240216-1603) or later version", "base64": false}]}], "datePublic": "2024-04-29T03:57:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.", "supportingMedia": [{"type": "text/html", "value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-04-29T04:01:24.051Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4301", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:53.191Z", "dateReserved": "2024-04-29T03:23:13.243Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-04-29T04:01:24.051Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page."}, {"lang": "es", "value": "N-Reporter y N-Cloud, productos de N-Partner, tienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Los atacantes remotos con privilegios de usuario normales pueden ejecutar comandos arbitrarios del sistema manipulando las entradas del usuario en una p\u00e1gina espec\u00edfica."}], "id": "CVE-2024-4301", "lastModified": "2024-11-21T09:42:34.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2024-04-29T04:15:09.110", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/tw/cp-132-7776-035ff-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}

{}