TVN ID | TVN-202408004 |
---|---|
CVE ID | CVE-2024-7729 |
CVSS | 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products | SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 CMS-SE(22.04) v11.0 SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 SMP-2400 v4.0 |
Description | The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. |
Solution | Install patch P24012 or later for following versions: SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 Install patch P24006 or later for following versions: CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 Install patch P24007 or later for following versions: CMS-SE(22.04) v11.0 Install patch P24008 or later for following versions: SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 Install patch P24009 or later for following versions: SMP-2400 v4.0 |
Credit | Dio Lin(CHT) |
Public Date | 2024-08-13 |