Auto-Update: 2024-09-08T12:00:17.248194+00:00

cad-safe-bot 2024-09-08 12:03:17 +00:00
parent 19e0f5e4a4
commit 71f3ea0dfb
4 changed files with 296 additions and 16 deletions


@ -0,0 +1,141 @@
{
"id": "CVE-2024-8573",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-08T10:15:01.907",
"lastModified": "2024-09-08T10:15:01.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.276807",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.276807",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.401262",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2024-8574",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-08T11:15:10.430",
"lastModified": "2024-09-08T11:15:10.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setUpgradeFW.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.276808",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.276808",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.401289",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}
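Review bot: The description of CVE-2024-8574 names the function `setParentalRules`, but the first reference in the same record points to a write-up named `setUpgradeFW.md`, and CVE-2024-8573, added in this same commit, already uses `setParentalRules` for a different argument (`desc`). The page does not show which name is correct, so detection rules, request filters and triage notes should not be keyed on the function name in the description until the CNA corrects the record. The file mirrors NVD, so the correction belongs upstream rather than in this repository. The text also calls the issue "critical" while all three CVSS blocks come out as MEDIUM with low or partial impact values for an OS command injection (`CWE-78`). Every metric is a CNA-supplied `Secondary` entry on a record still in `Received` state, so the score is best treated as provisional when prioritising.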


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-09-08T10:00:17.355852+00:00
2024-09-08T12:00:17.248194+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-09-08T08:15:13.443000+00:00
2024-09-08T11:15:10.430000+00:00
```
### Last Data Feed Release
@ -33,25 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
262177
262179
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2024-8571](CVE-2024/CVE-2024-85xx/CVE-2024-8571.json) (`2024-09-08T08:15:13.157`)
- [CVE-2024-8572](CVE-2024/CVE-2024-85xx/CVE-2024-8572.json) (`2024-09-08T08:15:13.443`)
- [CVE-2024-8573](CVE-2024/CVE-2024-85xx/CVE-2024-8573.json) (`2024-09-08T10:15:01.907`)
- [CVE-2024-8574](CVE-2024/CVE-2024-85xx/CVE-2024-8574.json) (`2024-09-08T11:15:10.430`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `0`
- [CVE-2024-41096](CVE-2024/CVE-2024-410xx/CVE-2024-41096.json) (`2024-09-08T08:15:12.540`)
- [CVE-2024-43835](CVE-2024/CVE-2024-438xx/CVE-2024-43835.json) (`2024-09-08T08:15:12.870`)
- [CVE-2024-43859](CVE-2024/CVE-2024-438xx/CVE-2024-43859.json) (`2024-09-08T08:15:12.960`)
- [CVE-2024-44974](CVE-2024/CVE-2024-449xx/CVE-2024-44974.json) (`2024-09-08T08:15:13.053`)
## Download and Usage


@ -257270,7 +257270,7 @@ CVE-2024-41092,0,0,3c39b044ea5e355675d6fc317f55f869cf719acff5bdab05fd9abf02bf44d
CVE-2024-41093,0,0,4ea05a79a95d172d19f70ea731b5f27982d494680f43de6cd04d5939fa17a543,2024-08-08T17:40:31.917000
CVE-2024-41094,0,0,fd3c100ca3cf33e414c8572772cb645c4163d4d9a6ad8085d9e85c0721dd0693,2024-08-22T13:15:40.843000
CVE-2024-41095,0,0,98a605be3304014b7bcfedec75080b0924875a65426f1c380d6fa3a9f53a567d,2024-08-08T17:40:57.760000
CVE-2024-41096,0,1,380b567efa67b77a71ed1fc29233b828e2a8544af931856ed913e8fdba3486fe,2024-09-08T08:15:12.540000
CVE-2024-41096,0,0,380b567efa67b77a71ed1fc29233b828e2a8544af931856ed913e8fdba3486fe,2024-09-08T08:15:12.540000
CVE-2024-41097,0,0,8ffa9b9e856e2e1225333d7bfce6fb672cf2f57b102ea514cd3f552a0421fd70,2024-08-22T13:14:48.640000
CVE-2024-41098,0,0,237dbea03703cdca512eadfee5b46e503b7d4deeacfff8f1388ee9743f950b5e,2024-09-04T12:15:04.447000
CVE-2024-41107,0,0,915f86d966f5052f8f4738594970b5192d92a928e05127ecefed6fd25d76d731,2024-08-01T13:58:18.103000
@ -258689,7 +258689,7 @@ CVE-2024-43831,0,0,d2d2b5793f8c890b4b992408f65959bbc46269161bd855b4336fdc8262090
CVE-2024-43832,0,0,15442ca051ab0155fadf84dac6604a0024bcf8cf7f43b8779d15dbd2c77cba17,2024-08-19T12:59:59.177000
CVE-2024-43833,0,0,b30b83d76397439bef43f76504d35264f0368821411284c2b15462cf53f03404,2024-08-22T15:42:46.827000
CVE-2024-43834,0,0,76e2d6369e7d6ad23c4c79e5f16adb028cca8d18769694b501fae11b3f998575,2024-08-19T12:59:59.177000
CVE-2024-43835,0,1,f7207f2568eff71ac42ae4cac012535525bcc9661cd039201d62360f915ce602,2024-09-08T08:15:12.870000
CVE-2024-43835,0,0,f7207f2568eff71ac42ae4cac012535525bcc9661cd039201d62360f915ce602,2024-09-08T08:15:12.870000
CVE-2024-43836,0,0,e20113b16d82c5c2e4bb122ce52a725f5444590d487c2fb8daa577de32ce154c,2024-08-22T15:43:26.303000
CVE-2024-43837,0,0,2029cea2c86194c36b6c131e1ea74e1961ace80d0c79989b0fb86fab2b65d1ae,2024-08-22T15:44:03.417000
CVE-2024-43838,0,0,aea18ddc95b4597b8fcc9d42c5f12cf2294cab2381941209a829361028b9d783,2024-08-19T12:59:59.177000
@ -258715,7 +258715,7 @@ CVE-2024-43855,0,0,b20a91fb4977616b14c0349af9fe6fdf38deab2ab7796fadba2ea00dab4f6
CVE-2024-43856,0,0,91d346c264b1a27e13a95a79650da4390a2d02a7cc5798231b8314954af3044d,2024-08-22T17:57:08.640000
CVE-2024-43857,0,0,1770874efc8d117e3bd251f738e88729b0ef15b20bed1182b733a19e974e06d4,2024-08-22T17:38:21.003000
CVE-2024-43858,0,0,af09898ffa278eaf458ba54f4590eb4fb3ade046d9a31e9697e73bd46738182b,2024-08-22T17:40:11.663000
CVE-2024-43859,0,1,d2017aa06eb22b73b41fdb0b2be58c4edcb103ec7e32e9a84b9cc1ffdcd20c1b,2024-09-08T08:15:12.960000
CVE-2024-43859,0,0,d2017aa06eb22b73b41fdb0b2be58c4edcb103ec7e32e9a84b9cc1ffdcd20c1b,2024-09-08T08:15:12.960000
CVE-2024-4386,0,0,731d04018d6299c9e1d8f7a212148a53db39578a94a703a0b90337f63dd3089f,2024-05-14T16:11:39.510000
CVE-2024-43860,0,0,09f701f7954bb547deb131405fc8454ea2909d63034fedfeaae4e6b22ac05cfc,2024-08-22T17:08:15.097000
CVE-2024-43861,0,0,5a1d04713921741af7ae123446a4fcf4f97544e2bdfc40bb136f534ebdfdcf13,2024-09-03T13:45:12.667000
@ -259022,7 +259022,7 @@ CVE-2024-44970,0,0,70414797c7f1420a60b48e34277f5530ec1aa67aed6a07d8d2aaeded9223b
CVE-2024-44971,0,0,44403d9889954211cee528d64ed0dc86351f6fa04277308e5630c2d58c6cab86,2024-09-05T17:54:36.607000
CVE-2024-44972,0,0,0b967112ef26e3fe5b0935b427f88208867173c88daf36aa5bd2c336c4f07e64,2024-09-05T12:53:21.110000
CVE-2024-44973,0,0,add414a58e878f3aee3366f7678bfde348bdae69c48419c508ba030f370d1ae1,2024-09-05T12:53:21.110000
CVE-2024-44974,0,1,5c4270f642e1cb2246484442a2de410ef76345d072e18d07ef27612e1784eb31,2024-09-08T08:15:13.053000
CVE-2024-44974,0,0,5c4270f642e1cb2246484442a2de410ef76345d072e18d07ef27612e1784eb31,2024-09-08T08:15:13.053000
CVE-2024-44975,0,0,012dcb6db335aa97afa1ef9268f931ab68a445b973fc3f10a7843af27070943c,2024-09-05T12:53:21.110000
CVE-2024-44976,0,0,8c7b930f69a8eac68da6855eedc8b3a97b1051cdf631749b93c2aaf1d2a28ef8,2024-09-05T12:53:21.110000
CVE-2024-44977,0,0,8267c668040f19c89ab2180e788476dee75d30c69bd18b77721b380cd5039fc4,2024-09-05T12:53:21.110000
@ -262174,5 +262174,7 @@ CVE-2024-8567,0,0,128c1c03702479e16aeb74ac1d5ff777775df76bef6861dc5a90bc996a0ed9
CVE-2024-8568,0,0,4f947db17327204061a3cbd87b0e0e34fcde742e3d6be8f12c557585eebdd903,2024-09-08T03:15:01.833000
CVE-2024-8569,0,0,cddbad41d115b0e24f21900215e9a8424d8cd4b102bb78b99cdec197572a5219,2024-09-08T05:15:10.763000
CVE-2024-8570,0,0,81f0759069b3ea9299d0bb8ce9d4e5d6ff5dc8250f74bf869cce93ec5dcff888,2024-09-08T07:15:01.977000
CVE-2024-8571,1,1,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464ae5,2024-09-08T08:15:13.157000
CVE-2024-8572,1,1,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000
CVE-2024-8571,0,0,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464ae5,2024-09-08T08:15:13.157000
CVE-2024-8572,0,0,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000
CVE-2024-8573,1,1,484e635dac50c7757dda7d82f3d424cde0770e935ae4d60ef3414a006860e4c3,2024-09-08T10:15:01.907000
CVE-2024-8574,1,1,3feb7a09243a69f64c60218b17af890368ca0b5b4cf798662e02c55f39739523,2024-09-08T11:15:10.430000
