From 71f3ea0dfb3027705a0156be01883a27ce850664 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 8 Sep 2024 12:03:17 +0000
Subject: [PATCH] Auto-Update: 2024-09-08T12:00:17.248194+00:00
---
 CVE-2024/CVE-2024-85xx/CVE-2024-8573.json | 141 ++++++++++++++++++++++
 CVE-2024/CVE-2024-85xx/CVE-2024-8574.json | 141 ++++++++++++++++++++++
 README.md | 16 +--
 _state.csv | 14 ++-
 4 files changed, 296 insertions(+), 16 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8573.json
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8574.json
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8573.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8573.json
new file mode 100644
index 00000000000..3b266d8f1ad
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8573.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-8573",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-09-08T10:15:01.907",
+ "lastModified": "2024-09-08T10:15:01.907",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 9.0
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.0,
+ "impactScore": 10.0,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setParentalRules.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.276807",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.276807",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.401262",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8574.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8574.json
new file mode 100644
index 00000000000..986482946b9
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8574.json
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2024-8574",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-09-08T11:15:10.430",
+ "lastModified": "2024-09-08T11:15:10.430",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setUpgradeFW.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.276808",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.276808",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.401289",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index c09dbf4807a..9a139376983 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-09-08T10:00:17.355852+00:00
+2024-09-08T12:00:17.248194+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-09-08T08:15:13.443000+00:00
+2024-09-08T11:15:10.430000+00:00
 ```
 ### Last Data Feed Release
@@ -33,25 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-262177
+262179
 ```
 ### CVEs added in the last Commit
 Recently added CVEs: `2`
-- [CVE-2024-8571](CVE-2024/CVE-2024-85xx/CVE-2024-8571.json) (`2024-09-08T08:15:13.157`)
-- [CVE-2024-8572](CVE-2024/CVE-2024-85xx/CVE-2024-8572.json) (`2024-09-08T08:15:13.443`)
+- [CVE-2024-8573](CVE-2024/CVE-2024-85xx/CVE-2024-8573.json) (`2024-09-08T10:15:01.907`)
+- [CVE-2024-8574](CVE-2024/CVE-2024-85xx/CVE-2024-8574.json) (`2024-09-08T11:15:10.430`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `4`
+Recently modified CVEs: `0`
-- [CVE-2024-41096](CVE-2024/CVE-2024-410xx/CVE-2024-41096.json) (`2024-09-08T08:15:12.540`)
-- [CVE-2024-43835](CVE-2024/CVE-2024-438xx/CVE-2024-43835.json) (`2024-09-08T08:15:12.870`)
-- [CVE-2024-43859](CVE-2024/CVE-2024-438xx/CVE-2024-43859.json) (`2024-09-08T08:15:12.960`)
-- [CVE-2024-44974](CVE-2024/CVE-2024-449xx/CVE-2024-44974.json) (`2024-09-08T08:15:13.053`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 87561ed0a4e..990dc4ede41 100644
--- a/_state.csv
+++ b/_state.csv
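Review bot: The `descriptions` value of the CVE-2024-8574 record names the function `setParentalRules` (argument `slaveIpList`), while the first `references` entry points to an advisory file named `setUpgradeFW.md`. The sibling record CVE-2024-8573 also names `setParentalRules`, so the function name here may have been carried over by the CNA and should be confirmed against the referenced advisory before the text is used for asset matching or detection content. The record is also scored `VC:L/VI:L/VA:L` (`"baseScore": 5.3` in `cvssMetricV40`, 6.3 in `cvssMetricV31`) although the weakness is `CWE-78` and the description says the attack can be initiated remotely, so consumers that triage on base score alone may rank it well below CVE-2024-8573 (8.7 / 8.8). `"vulnStatus": "Received"` and `"type": "Secondary"` indicate that the text and scores are CNA-supplied and presumably not yet analysed by NVD; since this repository mirrors the feed, any correction belongs upstream rather than in this file.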
@@ -257270,7 +257270,7 @@ CVE-2024-41092,0,0,3c39b044ea5e355675d6fc317f55f869cf719acff5bdab05fd9abf02bf44d
 CVE-2024-41093,0,0,4ea05a79a95d172d19f70ea731b5f27982d494680f43de6cd04d5939fa17a543,2024-08-08T17:40:31.917000
 CVE-2024-41094,0,0,fd3c100ca3cf33e414c8572772cb645c4163d4d9a6ad8085d9e85c0721dd0693,2024-08-22T13:15:40.843000
 CVE-2024-41095,0,0,98a605be3304014b7bcfedec75080b0924875a65426f1c380d6fa3a9f53a567d,2024-08-08T17:40:57.760000
-CVE-2024-41096,0,1,380b567efa67b77a71ed1fc29233b828e2a8544af931856ed913e8fdba3486fe,2024-09-08T08:15:12.540000
+CVE-2024-41096,0,0,380b567efa67b77a71ed1fc29233b828e2a8544af931856ed913e8fdba3486fe,2024-09-08T08:15:12.540000
 CVE-2024-41097,0,0,8ffa9b9e856e2e1225333d7bfce6fb672cf2f57b102ea514cd3f552a0421fd70,2024-08-22T13:14:48.640000
 CVE-2024-41098,0,0,237dbea03703cdca512eadfee5b46e503b7d4deeacfff8f1388ee9743f950b5e,2024-09-04T12:15:04.447000
 CVE-2024-41107,0,0,915f86d966f5052f8f4738594970b5192d92a928e05127ecefed6fd25d76d731,2024-08-01T13:58:18.103000
@@ -258689,7 +258689,7 @@ CVE-2024-43831,0,0,d2d2b5793f8c890b4b992408f65959bbc46269161bd855b4336fdc8262090
 CVE-2024-43832,0,0,15442ca051ab0155fadf84dac6604a0024bcf8cf7f43b8779d15dbd2c77cba17,2024-08-19T12:59:59.177000
 CVE-2024-43833,0,0,b30b83d76397439bef43f76504d35264f0368821411284c2b15462cf53f03404,2024-08-22T15:42:46.827000
 CVE-2024-43834,0,0,76e2d6369e7d6ad23c4c79e5f16adb028cca8d18769694b501fae11b3f998575,2024-08-19T12:59:59.177000
-CVE-2024-43835,0,1,f7207f2568eff71ac42ae4cac012535525bcc9661cd039201d62360f915ce602,2024-09-08T08:15:12.870000
+CVE-2024-43835,0,0,f7207f2568eff71ac42ae4cac012535525bcc9661cd039201d62360f915ce602,2024-09-08T08:15:12.870000
 CVE-2024-43836,0,0,e20113b16d82c5c2e4bb122ce52a725f5444590d487c2fb8daa577de32ce154c,2024-08-22T15:43:26.303000
 CVE-2024-43837,0,0,2029cea2c86194c36b6c131e1ea74e1961ace80d0c79989b0fb86fab2b65d1ae,2024-08-22T15:44:03.417000
 CVE-2024-43838,0,0,aea18ddc95b4597b8fcc9d42c5f12cf2294cab2381941209a829361028b9d783,2024-08-19T12:59:59.177000
@@ -258715,7 +258715,7 @@ CVE-2024-43855,0,0,b20a91fb4977616b14c0349af9fe6fdf38deab2ab7796fadba2ea00dab4f6
 CVE-2024-43856,0,0,91d346c264b1a27e13a95a79650da4390a2d02a7cc5798231b8314954af3044d,2024-08-22T17:57:08.640000
 CVE-2024-43857,0,0,1770874efc8d117e3bd251f738e88729b0ef15b20bed1182b733a19e974e06d4,2024-08-22T17:38:21.003000
 CVE-2024-43858,0,0,af09898ffa278eaf458ba54f4590eb4fb3ade046d9a31e9697e73bd46738182b,2024-08-22T17:40:11.663000
-CVE-2024-43859,0,1,d2017aa06eb22b73b41fdb0b2be58c4edcb103ec7e32e9a84b9cc1ffdcd20c1b,2024-09-08T08:15:12.960000
+CVE-2024-43859,0,0,d2017aa06eb22b73b41fdb0b2be58c4edcb103ec7e32e9a84b9cc1ffdcd20c1b,2024-09-08T08:15:12.960000
 CVE-2024-4386,0,0,731d04018d6299c9e1d8f7a212148a53db39578a94a703a0b90337f63dd3089f,2024-05-14T16:11:39.510000
 CVE-2024-43860,0,0,09f701f7954bb547deb131405fc8454ea2909d63034fedfeaae4e6b22ac05cfc,2024-08-22T17:08:15.097000
 CVE-2024-43861,0,0,5a1d04713921741af7ae123446a4fcf4f97544e2bdfc40bb136f534ebdfdcf13,2024-09-03T13:45:12.667000
@@ -259022,7 +259022,7 @@ CVE-2024-44970,0,0,70414797c7f1420a60b48e34277f5530ec1aa67aed6a07d8d2aaeded9223b
 CVE-2024-44971,0,0,44403d9889954211cee528d64ed0dc86351f6fa04277308e5630c2d58c6cab86,2024-09-05T17:54:36.607000
 CVE-2024-44972,0,0,0b967112ef26e3fe5b0935b427f88208867173c88daf36aa5bd2c336c4f07e64,2024-09-05T12:53:21.110000
 CVE-2024-44973,0,0,add414a58e878f3aee3366f7678bfde348bdae69c48419c508ba030f370d1ae1,2024-09-05T12:53:21.110000
-CVE-2024-44974,0,1,5c4270f642e1cb2246484442a2de410ef76345d072e18d07ef27612e1784eb31,2024-09-08T08:15:13.053000
+CVE-2024-44974,0,0,5c4270f642e1cb2246484442a2de410ef76345d072e18d07ef27612e1784eb31,2024-09-08T08:15:13.053000
 CVE-2024-44975,0,0,012dcb6db335aa97afa1ef9268f931ab68a445b973fc3f10a7843af27070943c,2024-09-05T12:53:21.110000
 CVE-2024-44976,0,0,8c7b930f69a8eac68da6855eedc8b3a97b1051cdf631749b93c2aaf1d2a28ef8,2024-09-05T12:53:21.110000
 CVE-2024-44977,0,0,8267c668040f19c89ab2180e788476dee75d30c69bd18b77721b380cd5039fc4,2024-09-05T12:53:21.110000
@@ -262174,5 +262174,7 @@ CVE-2024-8567,0,0,128c1c03702479e16aeb74ac1d5ff777775df76bef6861dc5a90bc996a0ed9
 CVE-2024-8568,0,0,4f947db17327204061a3cbd87b0e0e34fcde742e3d6be8f12c557585eebdd903,2024-09-08T03:15:01.833000
 CVE-2024-8569,0,0,cddbad41d115b0e24f21900215e9a8424d8cd4b102bb78b99cdec197572a5219,2024-09-08T05:15:10.763000
 CVE-2024-8570,0,0,81f0759069b3ea9299d0bb8ce9d4e5d6ff5dc8250f74bf869cce93ec5dcff888,2024-09-08T07:15:01.977000
-CVE-2024-8571,1,1,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464ae5,2024-09-08T08:15:13.157000
-CVE-2024-8572,1,1,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000
+CVE-2024-8571,0,0,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464ae5,2024-09-08T08:15:13.157000
+CVE-2024-8572,0,0,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000
+CVE-2024-8573,1,1,484e635dac50c7757dda7d82f3d424cde0770e935ae4d60ef3414a006860e4c3,2024-09-08T10:15:01.907000
+CVE-2024-8574,1,1,3feb7a09243a69f64c60218b17af890368ca0b5b4cf798662e02c55f39739523,2024-09-08T11:15:10.430000