go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

CHANGING Mobile One Time Password - Arbitrary File Reading

TVN ID TVN-202407001
CVE ID CVE-2024-3122
CVSS 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products Mobile One Time Password version 3.11.2 and earlier.
Description CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
Solution Update to MOTP 3.11.3 Patch 1 or later version or install the patch.
Credit Vtim(DEVCORE)
Public Date 2024-07-01
Top