CVE-2024-7729

Summary

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

Affected Software

VendorProductVersion RangeStatus
CAYIN TechnologySMP-21003.0affected
CAYIN TechnologySMP-22003.0 <= 4.0affected
CAYIN TechnologySMP-22103.0 <= 4.0affected
CAYIN TechnologySMP-23003.0 <= 4.0affected
CAYIN TechnologySMP-23103.0 <= 4.0affected
CAYIN TechnologySMP-60003.0affected
CAYIN TechnologySMP-80003.0affected
CAYIN TechnologySMP-8000QD3.0affected
CAYIN TechnologyCMS-2011.0affected
CAYIN TechnologyCMS-6011.0affected
CAYIN TechnologyCMS-SE11.0affected
CAYIN TechnologyCMS-SE(18.04)11.0affected
CAYIN TechnologyCMS-SE(22.04)11.0affected
CAYIN TechnologySMP-81004.0affected
CAYIN TechnologySMP-24004.0affected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References