{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8655", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-09-10T13:11:16.184Z", "datePublished": "2024-09-10T19:31:04.014Z", "dateUpdated": "2024-09-12T13:43:51.121Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-10T19:31:04.014Z"}, "title": "Mercury MNVR816 web-static file access", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible"}]}], "affected": [{"vendor": "Mercury", "product": "MNVR816", "versions": [{"version": "2.0.1.0.0", "status": "affected"}, {"version": "2.0.1.0.1", "status": "affected"}, {"version": "2.0.1.0.2", "status": "affected"}, {"version": "2.0.1.0.3", "status": "affected"}, {"version": "2.0.1.0.4", "status": "affected"}, {"version": "2.0.1.0.5", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Mercury MNVR816 bis 2.0.1.0.5 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /web-static/. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-09-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-09-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-09-10T15:16:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "leetmoon (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.276963", "name": "VDB-276963 | Mercury MNVR816 web-static file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.276963", "name": "VDB-276963 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.401301", "name": "Submit #401301 | Mercury MNVR816 Video Recorder 2.0.1.0.5 File and Directory Information Exposure", "tags": ["third-party-advisory"]}]}, "adp": [{"affected": [{"vendor": "mercurycom", "product": "mnvr816_firmware", "cpes": ["cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.1.0.0", "status": "affected", "lessThanOrEqual": "2.0.1.0.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T13:38:59.969361Z", "id": "CVE-2024-8655", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:43:51.121Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-12T13:38:59.969361Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:mercurycom:mnvr816_firmware:*:*:*:*:*:*:*:*"], "vendor": "mercurycom", "product": "mnvr816_firmware", "versions": [{"status": "affected", "version": "2.0.1.0.0", "versionType": "custom", "lessThanOrEqual": "2.0.1.0.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:43:29.383Z"}}], "cna": {"title": "Mercury MNVR816 web-static file access", "credits": [{"lang": "en", "type": "reporter", "value": "leetmoon (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "affected": [{"vendor": "Mercury", "product": "MNVR816", "versions": [{"status": "affected", "version": "2.0.1.0.0"}, {"status": "affected", "version": "2.0.1.0.1"}, {"status": "affected", "version": "2.0.1.0.2"}, {"status": "affected", "version": "2.0.1.0.3"}, {"status": "affected", "version": "2.0.1.0.4"}, {"status": "affected", "version": "2.0.1.0.5"}]}], "timeline": [{"lang": "en", "time": "2024-09-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-09-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-09-10T15:16:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.276963", "name": "VDB-276963 | Mercury MNVR816 web-static file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.276963", "name": "VDB-276963 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.401301", "name": "Submit #401301 | Mercury MNVR816 Video Recorder 2.0.1.0.5 File and Directory Information Exposure", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Mercury MNVR816 bis 2.0.1.0.5 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /web-static/. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-10T19:31:04.014Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8655", "state": "PUBLISHED", "dateUpdated": "2024-09-12T13:43:51.121Z", "dateReserved": "2024-09-10T13:11:16.184Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-09-10T19:31:04.014Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en Mercury MNVR816 hasta la versi\u00f3n 2.0.1.0.5. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo /web-static/. La manipulaci\u00f3n hace que se pueda acceder a archivos o directorios. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 primeramente con el proveedor sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-8655", "lastModified": "2024-09-11T16:26:11.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-09-10T20:15:05.440", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.276963"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.276963"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.401301"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}