From e23e958cdf23b4ea68029acd9c55824c88be8b8f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 8 Sep 2024 18:03:15 +0000 Subject: [PATCH] Auto-Update: 2024-09-08T18:00:16.739562+00:00 --- CVE-2024/CVE-2024-85xx/CVE-2024-8575.json | 141 ++++++++++++++++++++++ README.md | 15 +-- _state.csv | 9 +- 3 files changed, 152 insertions(+), 13 deletions(-) create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8575.json diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8575.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8575.json new file mode 100644 index 00000000000..d4b34093ae5 --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8575.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8575", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-08T17:15:11.390", + "lastModified": "2024-09-08T17:15:11.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/AC1200T8/setWiFiScheduleCfg.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.276809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.276809", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.401263", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.totolink.net/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 74de96c2049..ec63087745b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-08T14:00:17.074471+00:00 +2024-09-08T18:00:16.739562+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-08T12:15:10.890000+00:00 +2024-09-08T17:15:11.390000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262182 +262183 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2024-42341](CVE-2024/CVE-2024-423xx/CVE-2024-42341.json) (`2024-09-08T12:15:10.427`) -- [CVE-2024-42342](CVE-2024/CVE-2024-423xx/CVE-2024-42342.json) (`2024-09-08T12:15:10.663`) -- [CVE-2024-42343](CVE-2024/CVE-2024-423xx/CVE-2024-42343.json) (`2024-09-08T12:15:10.890`) +- [CVE-2024-8575](CVE-2024/CVE-2024-85xx/CVE-2024-8575.json) (`2024-09-08T17:15:11.390`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-42334](CVE-2024/CVE-2024-423xx/CVE-2024-42334.json) (`2024-09-08T12:15:09.880`) ## Download and Usage diff --git a/_state.csv b/_state.csv index aef9fb9bea9..61a95a04753 100644 --- a/_state.csv +++ b/_state.csv @@ -257993,7 +257993,7 @@ CVE-2024-42320,0,0,3bb9745120c3e683aefbafbca3ae9140002adac221663a12333f744da45f1 CVE-2024-42321,0,0,1716db5db6c984bf2ebbd691b80440a9181fa253c6bc8c5d00954d830484e312,2024-08-19T12:59:59.177000 CVE-2024-42322,0,0,2accb2a45b605eba549de2a0c83236102f9dab689f1b61dc800f0c45a0f92db4,2024-08-19T12:59:59.177000 CVE-2024-4233,0,0,e3336c43dd885f8db6271cd8e49f7796169d1b724e733d53d39e8dcd56cab238,2024-05-08T17:05:24.083000 -CVE-2024-42334,0,1,bde83a8b3e1fda08d590302dc4b567a00367ef315528bceb61555d7d23e4876c,2024-09-08T12:15:09.880000 +CVE-2024-42334,0,0,bde83a8b3e1fda08d590302dc4b567a00367ef315528bceb61555d7d23e4876c,2024-09-08T12:15:09.880000 CVE-2024-42335,0,0,2b9b97973dd654c6eb68cc221bad7788b92938b457385b73625ca969f07db996,2024-08-21T13:49:19.863000 CVE-2024-42336,0,0,74e57bfa6ceb0764665eac825d78f0a67cb52357a0fbd794d7fcb504d5103724,2024-08-27T14:59:38.100000 CVE-2024-42337,0,0,76aed1566fc52b0e12514551ebbf6ae5c8fcd5dc1022f916f44ed893b78ec187,2024-08-30T19:47:49.993000 @@ -258001,9 +258001,9 @@ CVE-2024-42338,0,0,1c166daf89824e931f66e0595fb5e5754e965336c9788e410016199689669 CVE-2024-42339,0,0,0f64f5dc7b4d98f934a7a3631edfea2fcfdfd750cae95143817c35e5cf790c70,2024-08-30T19:47:13.743000 CVE-2024-4234,0,0,18c98986f4d0c323ca7a76881b57d07f11d740fced15b647da44016411c790ed,2024-04-26T15:32:22.523000 CVE-2024-42340,0,0,708aac03ef44aeea471e9a045b752e905888f9d429c0c9806a766c67411a6e38,2024-08-30T19:47:36 -CVE-2024-42341,1,1,7027bef93dfed93ec135140e6e2a911166114baf146d87f15ff43c72ee02d63d,2024-09-08T12:15:10.427000 -CVE-2024-42342,1,1,e49b1c9360a5a913c93778ed2b054958b429663dd126895a65625749f7519d33,2024-09-08T12:15:10.663000 -CVE-2024-42343,1,1,31370171aa70e0a20597cb1895579d203c4c22926cb47eb327d29ca625f8d363,2024-09-08T12:15:10.890000 +CVE-2024-42341,0,0,7027bef93dfed93ec135140e6e2a911166114baf146d87f15ff43c72ee02d63d,2024-09-08T12:15:10.427000 +CVE-2024-42342,0,0,e49b1c9360a5a913c93778ed2b054958b429663dd126895a65625749f7519d33,2024-09-08T12:15:10.663000 +CVE-2024-42343,0,0,31370171aa70e0a20597cb1895579d203c4c22926cb47eb327d29ca625f8d363,2024-09-08T12:15:10.890000 CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000 CVE-2024-42348,0,0,9049ba06c12fadbe924de4e1d7650091813be7f3a3306b9434f7ebd8620eed32,2024-08-05T12:41:45.957000 CVE-2024-42349,0,0,7c83a1a3a31095b7c061367c56e1e2185d3951ede9de2f7c2b93de97074131bc,2024-08-05T12:41:45.957000 @@ -262181,3 +262181,4 @@ CVE-2024-8571,0,0,4b0212832637fc09d08559fac9a5f7c29a912232f1c3f5c1babf41ce57464a CVE-2024-8572,0,0,cce7dc5e1ed269ccfa18ad3557ca30ca7a8ba65c362c5f22fb757edf0c4a1bae,2024-09-08T08:15:13.443000 CVE-2024-8573,0,0,484e635dac50c7757dda7d82f3d424cde0770e935ae4d60ef3414a006860e4c3,2024-09-08T10:15:01.907000 CVE-2024-8574,0,0,3feb7a09243a69f64c60218b17af890368ca0b5b4cf798662e02c55f39739523,2024-09-08T11:15:10.430000 +CVE-2024-8575,1,1,ec1fdeba2871df6b452fe0ccfb46639256233d83150008ae3df8d0380d95b64e,2024-09-08T17:15:11.390000