CVE-2024-3122
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CHANGING | Mobile One Time Password | earlier <= 3.11.2 | affected |
Weaknesses
- CWE-23: CWE-23: Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html
- https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html
References
- https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html
- https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.