CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0716 – Byzoro Smart S150 Management Platform Backup File download.php information disclosure
https://notcve.org/view.php?id=CVE-2024-0716
A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md https://vuldb.com/?ctiid.251541 https://vuldb.com/?id.251541 https://vuldb.com/?submit.265177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0712 – Byzoro Smart S150 Management Platform userattea.php access control
https://notcve.org/view.php?id=CVE-2024-0712
A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. • https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md https://vuldb.com/?ctiid.251538 https://vuldb.com/?id.251538 https://vuldb.com/?submit.264497 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0300 – Byzoro Smart S150 Management Platform HTTP POST Request userattestation.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-0300
A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. • https://github.com/tolkent/cve/blob/main/upload.md https://vuldb.com/?ctiid.249866 https://vuldb.com/?id.249866 https://vuldb.com/?submit.260962 • CWE-434: Unrestricted Upload of File with Dangerous Type •