Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for MNVR816 by Mercury

    CVE-2024-8655 (GCVE-0-2024-8655)

    Vulnerability from nvd – Published: 2024-09-10 19:31 – Updated: 2024-09-12 13:43
    VLAI
    Title
    Mercury MNVR816 web-static file access
    Summary
    A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.276963 vdb-entry
    https://vuldb.com/?ctiid.276963 signaturepermissions-required
    https://vuldb.com/?submit.401301 third-party-advisory
    Impacted products
    Vendor Product Version
    Mercury MNVR816 Affected: 2.0.1.0.0
    Affected: 2.0.1.0.1
    Affected: 2.0.1.0.2
    Affected: 2.0.1.0.3
    Affected: 2.0.1.0.4
    Affected: 2.0.1.0.5
    Create a notification for this product.
    mercurycom mnvr816_firmware Affected: 2.0.1.0.0 , ≤ 2.0.1.0.5 (custom)
        cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mnvr816_firmware",
                "vendor": "mercurycom",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0.1.0.5",
                    "status": "affected",
                    "version": "2.0.1.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T13:38:59.969361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:43:51.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MNVR816",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Mercury MNVR816 bis 2.0.1.0.5 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /web-static/. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T19:31:04.014Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-276963 | Mercury MNVR816 web-static file access",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.276963"
            },
            {
              "name": "VDB-276963 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.276963"
            },
            {
              "name": "Submit #401301 | Mercury MNVR816 Video Recorder 2.0.1.0.5 File and Directory Information Exposure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.401301"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-09-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-09-10T15:16:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury MNVR816 web-static file access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8655",
        "datePublished": "2024-09-10T19:31:04.014Z",
        "dateReserved": "2024-09-10T13:11:16.184Z",
        "dateUpdated": "2024-09-12T13:43:51.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8655 (GCVE-0-2024-8655)

    Vulnerability from cvelistv5 – Published: 2024-09-10 19:31 – Updated: 2024-09-12 13:43
    VLAI
    Title
    Mercury MNVR816 web-static file access
    Summary
    A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.276963 vdb-entry
    https://vuldb.com/?ctiid.276963 signaturepermissions-required
    https://vuldb.com/?submit.401301 third-party-advisory
    Impacted products
    Vendor Product Version
    Mercury MNVR816 Affected: 2.0.1.0.0
    Affected: 2.0.1.0.1
    Affected: 2.0.1.0.2
    Affected: 2.0.1.0.3
    Affected: 2.0.1.0.4
    Affected: 2.0.1.0.5
    Create a notification for this product.
    mercurycom mnvr816_firmware Affected: 2.0.1.0.0 , ≤ 2.0.1.0.5 (custom)
        cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetmoon (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mnvr816_firmware",
                "vendor": "mercurycom",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0.1.0.5",
                    "status": "affected",
                    "version": "2.0.1.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T13:38:59.969361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:43:51.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MNVR816",
              "vendor": "Mercury",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.1.0.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetmoon (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Mercury MNVR816 bis 2.0.1.0.5 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /web-static/. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T19:31:04.014Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-276963 | Mercury MNVR816 web-static file access",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.276963"
            },
            {
              "name": "VDB-276963 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.276963"
            },
            {
              "name": "Submit #401301 | Mercury MNVR816 Video Recorder 2.0.1.0.5 File and Directory Information Exposure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.401301"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-09-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-09-10T15:16:22.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Mercury MNVR816 web-static file access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8655",
        "datePublished": "2024-09-10T19:31:04.014Z",
        "dateReserved": "2024-09-10T13:11:16.184Z",
        "dateUpdated": "2024-09-12T13:43:51.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }