| TVN ID | TVN-202408004 |
|---|---|
| CVE ID | CVE-2024-7729 |
| CVSS | 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Affected Products | SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 CMS-SE(22.04) v11.0 SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 SMP-2400 v4.0 |
| Description | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. |
| Solution | Install patch P24012 or later for following versions: SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 Install patch P24006 or later for following versions: CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 Install patch P24007 or later for following versions: CMS-SE(22.04) v11.0 Install patch P24008 or later for following versions: SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 Install patch P24009 or later for following versions: SMP-2400 v4.0 |
| Credit | Dio Lin(CHT) |
| Public Date | 2024-08-13 |
:::