Auto-Update: 2024-09-08T18:00:16.739562+00:00

2025-07-09 16:05:11 +00:00 · 2024-09-08 18:03:15 +00:00 · 2024-09-08 18:03:15 +00:00 · e23e958cdf
commit e23e958cdf
parent 59634f5939
3 changed files with 152 additions and 13 deletions
--- a/CVE-2024/CVE-2024-85xx/CVE-2024-8575.json
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8575.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2024-8575",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-09-08T17:15:11.390",
+  "lastModified": "2024-09-08T17:15:11.390",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "HIGH",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setWiFiScheduleCfg.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.276809",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.276809",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.401263",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.totolink.net/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-08T14:00:17.074471+00:00
+2024-09-08T18:00:16.739562+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-08T12:15:10.890000+00:00
+2024-09-08T17:15:11.390000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-262182
+262183
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2024-42341](CVE-2024/CVE-2024-423xx/CVE-2024-42341.json) (`2024-09-08T12:15:10.427`)
- [CVE-2024-42342](CVE-2024/CVE-2024-423xx/CVE-2024-42342.json) (`2024-09-08T12:15:10.663`)
- [CVE-2024-42343](CVE-2024/CVE-2024-423xx/CVE-2024-42343.json) (`2024-09-08T12:15:10.890`)
+- [CVE-2024-8575](CVE-2024/CVE-2024-85xx/CVE-2024-8575.json) (`2024-09-08T17:15:11.390`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-42334](CVE-2024/CVE-2024-423xx/CVE-2024-42334.json) (`2024-09-08T12:15:09.880`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -257993,7 +257993,7 @@ CVE-2024-42320,0,0,3bb9745120c3e683aefbafbca3ae9140002adac221663a12333f744da45f1
 CVE-2024-42321,0,0,1716db5db6c984bf2ebbd691b80440a9181fa253c6bc8c5d00954d830484e312,2024-08-19T12:59:59.177000
 CVE-2024-42322,0,0,2accb2a45b605eba549de2a0c83236102f9dab689f1b61dc800f0c45a0f92db4,2024-08-19T12:59:59.177000
 CVE-2024-4233,0,0,e3336c43dd885f8db6271cd8e49f7796169d1b724e733d53d39e8dcd56cab238,2024-05-08T17:05:24.083000
-CVE-2024-42334,0,1,bde83a8b3e1fda08d590302dc4b567a00367ef315528bceb61555d7d23e4876c,2024-09-08T12:15:09.880000
+CVE-2024-42334,0,0,bde83a8b3e1fda08d590302dc4b567a00367ef315528bceb61555d7d23e4876c,2024-09-08T12:15:09.880000
 CVE-2024-42335,0,0,2b9b97973dd654c6eb68cc221bad7788b92938b457385b73625ca969f07db996,2024-08-21T13:49:19.863000
 CVE-2024-42336,0,0,74e57bfa6ceb0764665eac825d78f0a67cb52357a0fbd794d7fcb504d5103724,2024-08-27T14:59:38.100000
 CVE-2024-42337,0,0,76aed1566fc52b0e12514551ebbf6ae5c8fcd5dc1022f916f44ed893b78ec187,2024-08-30T19:47:49.993000
@ -258001,9 +258001,9 @@ CVE-2024-42338,0,0,1c166daf89824e931f66e0595fb5e5754e965336c9788e410016199689669
 CVE-2024-42339,0,0,0f64f5dc7b4d98f934a7a3631edfea2fcfdfd750cae95143817c35e5cf790c70,2024-08-30T19:47:13.743000
 CVE-2024-4234,0,0,18c98986f4d0c323ca7a76881b57d07f11d740fced15b647da44016411c790ed,2024-04-26T15:32:22.523000
 CVE-2024-42340,0,0,708aac03ef44aeea471e9a045b752e905888f9d429c0c9806a766c67411a6e38,2024-08-30T19:47:36
-CVE-2024-42341,1,1,7027bef93dfed93ec135140e6e2a911166114baf146d87f15ff43c72ee02d63d,2024-09-08T12:15:10.427000
-CVE-2024-42342,1,1,e49b1c9360a5a913c93778ed2b054958b429663dd126895a65625749f7519d33,2024-09-08T12:15:10.663000
-CVE-2024-42343,1,1,31370171aa70e0a20597cb1895579d203c4c22926cb47eb327d29ca625f8d363,2024-09-08T12:15:10.890000
+CVE-2024-42341,0,0,7027bef93dfed93ec135140e6e2a911166114baf146d87f15ff43c72ee02d63d,2024-09-08T12:15:10.427000
+CVE-2024-42342,0,0,e49b1c9360a5a913c93778ed2b054958b429663dd126895a65625749f7519d33,2024-09-08T12:15:10.663000
+CVE-2024-42343,0,0,31370171aa70e0a20597cb1895579d203c4c22926cb47eb327d29ca625f8d363,2024-09-08T12:15:10.890000
 CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000
 CVE-2024-42348,0,0,9049ba06c12fadbe924de4e1d7650091813be7f3a3306b9434f7ebd8620eed32,2024-08-05T12:41:45.957000
 CVE-2024-42349,0,0,7c83a1a3a31095b7c061367c56e1e2185d3951ede9de2f7c2b93de97074131bc,2024-08-05T12:41:45.957000
@ -262181,3 +262181,4 @@ CVE-2024-8571,0,0,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464a
 CVE-2024-8572,0,0,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000
 CVE-2024-8573,0,0,484e635dac50c7757dda7d82f3d424cde0770e935ae4d60ef3414a006860e4c3,2024-09-08T10:15:01.907000
 CVE-2024-8574,0,0,3feb7a09243a69f64c60218b17af890368ca0b5b4cf798662e02c55f39739523,2024-09-08T11:15:10.430000
+CVE-2024-8575,1,1,ec1fdeba2871df6b452fe0ccfb46639256233d83150008ae3df8d0380d95b64e,2024-09-08T17:15:11.390000