CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11310 – TRCore DVC - Arbitrary File Read through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11310
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8245-ad7d7-2.html https://www.twcert.org.tw/tw/cp-132-8244-c45b5-1.html • CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11309 – TRCore DVC - Arbitrary File Read through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11309
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8243-3d818-2.html https://www.twcert.org.tw/tw/cp-132-8242-384a1-1.html • CWE-23: Relative Path Traversal •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11308 – TRCore DVC - Use of Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2024-11308
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. • https://www.twcert.org.tw/en/cp-139-8241-1af92-2.html https://www.twcert.org.tw/tw/cp-132-8240-562c3-1.html • CWE-321: Use of Hard-coded Cryptographic Key •