Unauthorized Access to Arbitrary CGI Files via Lack of Proper Access Control
CVE-2024-7729

7.5HIGH

Key Information:

Vendor

Cayin Technology

Status
Smp-2100
Smp-2200
Smp-2210
Smp-2300
Vendor
CVE Published:
14 August 2024

What is CVE-2024-7729?

An identified vulnerability in CAYIN Technology CMS allows unauthorized remote attackers to bypass access controls and download arbitrary CGI files. This flaw highlights significant security concerns as it could lead to potential exposure of sensitive information and further exploitation of the system. Users are advised to apply the latest security patches to mitigate risks associated with this issue.

Affected Version(s)

CMS-20 11.0

CMS-60 11.0

CMS-SE 11.0

References

https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html
third-party-advisory
https://resource1.cayintech.com/patch/
patch

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-7729 : Unauthorized Access to Arbitrary CGI Files via Lack of Proper Access Control