From 62a4b4717f377e0ecb83a71826edff8be334fc81 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 8 Sep 2024 22:03:16 +0000 Subject: [PATCH] Auto-Update: 2024-09-08T22:00:17.420278+00:00 --- CVE-2024/CVE-2024-85xx/CVE-2024-8579.json | 141 ++++++++++++++++++++++ CVE-2024/CVE-2024-85xx/CVE-2024-8580.json | 141 ++++++++++++++++++++++ README.md | 13 +- _state.csv | 8 +- 4 files changed, 293 insertions(+), 10 deletions(-) create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8579.json create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8580.json diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8579.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8579.json new file mode 100644 index 00000000000..08ecaede325 --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8579.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8579", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-08T20:15:01.757", + "lastModified": "2024-09-08T20:15:01.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWiFiRepeaterCfg.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.276813", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.276813", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.401292", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8580.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8580.json new file mode 100644 index 00000000000..17bfa758a74 --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8580.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8580", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-08T21:15:11.107", + "lastModified": "2024-09-08T21:15:11.107", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.2, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 7.6 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 4.9, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-259" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/shadow.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.276814", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.276814", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.401293", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e6932a476b1..168cfef3238 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-08T20:00:17.678329+00:00 +2024-09-08T22:00:17.420278+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-08T19:15:10.453000+00:00 +2024-09-08T21:15:11.107000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262186 +262188 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2024-8576](CVE-2024/CVE-2024-85xx/CVE-2024-8576.json) (`2024-09-08T18:15:02.313`) -- [CVE-2024-8577](CVE-2024/CVE-2024-85xx/CVE-2024-8577.json) (`2024-09-08T19:15:10.203`) -- [CVE-2024-8578](CVE-2024/CVE-2024-85xx/CVE-2024-8578.json) (`2024-09-08T19:15:10.453`) +- [CVE-2024-8579](CVE-2024/CVE-2024-85xx/CVE-2024-8579.json) (`2024-09-08T20:15:01.757`) +- [CVE-2024-8580](CVE-2024/CVE-2024-85xx/CVE-2024-8580.json) (`2024-09-08T21:15:11.107`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 498279790d1..d3934650b58 100644 --- a/_state.csv +++ b/_state.csv @@ -262182,6 +262182,8 @@ CVE-2024-8572,0,0,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1b CVE-2024-8573,0,0,484e635dac50c7757dda7d82f3d424cde0770e935ae4d60ef3414a006860e4c3,2024-09-08T10:15:01.907000 CVE-2024-8574,0,0,3feb7a09243a69f64c60218b17af890368ca0b5b4cf798662e02c55f39739523,2024-09-08T11:15:10.430000 CVE-2024-8575,0,0,ec1fdeba2871df6b452fe0ccfb46639256233d83150008ae3df8d0380d95b64e,2024-09-08T17:15:11.390000 -CVE-2024-8576,1,1,e1173057a196766e23052cf5e0607f5479bf3b994b34d207bac87d882850685e,2024-09-08T18:15:02.313000 -CVE-2024-8577,1,1,7e19f869da858c71f188f1aba64823211fbfcb78762c13a67465bf76b5224168,2024-09-08T19:15:10.203000 -CVE-2024-8578,1,1,096a1f14d0a119f5932979be87d621e12c47c1551f8cee469b1237e2adddf609,2024-09-08T19:15:10.453000 +CVE-2024-8576,0,0,e1173057a196766e23052cf5e0607f5479bf3b994b34d207bac87d882850685e,2024-09-08T18:15:02.313000 +CVE-2024-8577,0,0,7e19f869da858c71f188f1aba64823211fbfcb78762c13a67465bf76b5224168,2024-09-08T19:15:10.203000 +CVE-2024-8578,0,0,096a1f14d0a119f5932979be87d621e12c47c1551f8cee469b1237e2adddf609,2024-09-08T19:15:10.453000 +CVE-2024-8579,1,1,5b61fca3e6c62da900f6cfe3722e02a65bb60603a5a7075ee6954ad16df05285,2024-09-08T20:15:01.757000 +CVE-2024-8580,1,1,83fb66279dff8ea011f4d5d88b4febe2733dd0448e87ae4ecd8fa9527098cba7,2024-09-08T21:15:11.107000