CVE-2024-0712
Byzoro Smart S150 Management Platform userattea.php access control
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Se encontró una vulnerabilidad en Beijing Baichuo Smart S150 Management Platform V31R02B15. Ha sido clasificada como crítica. Una función desconocida del archivo /useratte/inc/userattea.php es afectada por esta vulnerabilidad. La manipulación conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-251538 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
Es wurde eine kritische Schwachstelle in Byzoro Smart S150 Management Platform V31R02B15 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /useratte/inc/userattea.php. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-01-19 CVE Reserved
- 2024-01-19 CVE Published
- 2024-04-10 EPSS Updated
- 2024-08-26 CVE Updated
- 2024-08-26 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.251538 | Technical Description | |
https://vuldb.com/?submit.264497 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md | 2024-08-26 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Byzoro Search vendor "Byzoro" | Smart S150 Firmware Search vendor "Byzoro" for product "Smart S150 Firmware" | 31r02b15 Search vendor "Byzoro" for product "Smart S150 Firmware" and version "31r02b15" | - |
Affected
| in | Byzoro Search vendor "Byzoro" | Smart S150 Search vendor "Byzoro" for product "Smart S150" | - | - |
Safe
|