Hidden Page Vulnerability Allows Execution of System Commands
CVE-2024-3123

7.2HIGH

Key Information:

Vendor: Changing
Status: Mobile One Time Password
Vendor: CVE Published:; 1 July 2024

What is CVE-2024-3123?

The vulnerability in CHANGING Mobile One Time Password arises from a flaw in its file uploading function located on a hidden page. This flaw allows remote attackers with administrative privileges to upload malicious files due to improper filtering of file types. Once uploaded, these files can be executed by the system, enabling attackers to run arbitrary system commands. This exposes the system to various risks, including unauthorized access and potential data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mobile One Time Password 3.11 <= 3.11.3

References

https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2024
Vulnerability Reserved
Apr 1, 2024

JSON

Changing

What is CVE-2024-3123?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.