Byzoro Smart S150 Management Platform userattea.php access control
CVE-2024-0712

9.8CRITICAL

Key Information:

Vendor

Byzoro

Status
Smart S150 Management Platform
Vendor
CVE Published:
19 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-0712?

A security flaw exists within the Byzoro Smart S150 Management Platform that affects an unspecified function in the userattea.php file. This flaw can lead to improper access controls, potentially allowing an attacker to gain unauthorized access to sensitive resources. The nature of the vulnerability enables it to be exploited remotely, posing a significant risk to users if not addressed promptly. Although the vendor was notified regarding this issue, there was no response, raising concerns about the platform's security and the necessity for users to take protective measures.

Affected Version(s)

Smart S150 Management Platform V31R02B15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0712 - Proof of Concept

References

https://vuldb.com/?id.251538
vdb-entrytechnical-description
https://vuldb.com/?ctiid.251538
signaturepermissions-required
https://vuldb.com/?submit.264497
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

rollingchair (VulDB User)
.