go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

CAYIN Technology CMS - Sensitive File Download

TVN ID TVN-202408004
CVE ID CVE-2024-7729
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products SMP-2100 v3.0
SMP-2200 v3.0
SMP-2210 v3.0
SMP-2300 v3.0
SMP-2310 v3.0
SMP-6000 v3.0
SMP-8000 v3.0
SMP-8000QD v3.0
CMS-20 v11.0
CMS-60 v11.0
CMS-SE v11.0
CMS-SE(18.04) v11.0
CMS-SE(22.04) v11.0
SMP-2200 v4.0
SMP-2210 v4.0
SMP-2300 v4.0
SMP-2310 v4.0
SMP-8100 v4.0
SMP-2400 v4.0
Description The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
Solution Install patch P24012 or later for following versions:
SMP-2100 v3.0
SMP-2200 v3.0
SMP-2210 v3.0
SMP-2300 v3.0
SMP-2310 v3.0
SMP-6000 v3.0
SMP-8000 v3.0
SMP-8000QD v3.0

Install patch P24006 or later for following versions:
CMS-20 v11.0
CMS-60 v11.0
CMS-SE v11.0
CMS-SE(18.04) v11.0

Install patch P24007 or later for following versions:
CMS-SE(22.04) v11.0

Install patch P24008 or later for following versions:
SMP-2200 v4.0
SMP-2210 v4.0
SMP-2300 v4.0
SMP-2310 v4.0
SMP-8100 v4.0

Install patch P24009 or later for following versions:
SMP-2400 v4.0
Credit Dio Lin(CHT)
Public Date 2024-08-13
Top