Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-7729
PUBLISHED
More InfoOfficial Page
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
View Known Exploited Vulnerability (KEV) details
Published At-14 Aug, 2024 | 03:52
Updated At-16 Aug, 2024 | 15:46
Rejected At-
▼CVE Numbering Authority (CNA)
CAYIN Technology CMS - Sensitive File Download

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

Affected Products
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2100
Default Status
unaffected
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2200
Default Status
unaffected
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2210
Default Status
unaffected
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2300
Default Status
unaffected
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2310
Default Status
unaffected
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-6000
Default Status
unaffected
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-8000
Default Status
unaffected
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-8000QD
Default Status
unaffected
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
CMS-20
Default Status
unaffected
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
CMS-60
Default Status
unaffected
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
CMS-SE
Default Status
unaffected
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
CMS-SE(18.04)
Default Status
unaffected
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
CMS-SE(22.04)
Default Status
unaffected
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-8100
Default Status
unaffected
Versions
Affected
  • 4.0
Vendor
CAYIN Technology Co.CAYIN Technology
Product
SMP-2400
Default Status
unaffected
Versions
Affected
  • 4.0
Problem Types
TypeCWE IDDescription
CWECWE-552CWE-552 Files or Directories Accessible to External Parties
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-497CAPEC-497 File Discovery
Solutions

Install patch P24012 or later for following versions: SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 Install patch P24006 or later for following versions: CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 Install patch P24007 or later for following versions: CMS-SE(22.04) v11.0 Install patch P24008 or later for following versions: SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 Install patch P24009 or later for following versions: SMP-2400 v4.0

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html
third-party-advisory
https://resource1.cayintech.com/patch/
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
CAYIN Technology Co.cayintech
Product
smp-2100
CPEs
  • cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.cayintech
Product
smp-2200
CPEs
  • cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.cayintech
Product
smp-2210
CPEs
  • cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.cayintech
Product
smp-2300
CPEs
  • cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.cayintech
Product
smp-2310
CPEs
  • cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 3.0 through 4.0 (custom)
Vendor
CAYIN Technology Co.cayintech
Product
smp-6000
CPEs
  • cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.cayintech
Product
smp-8000
CPEs
  • cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.cayintech
Product
smp-8000qd
CPEs
  • cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0
Vendor
CAYIN Technology Co.cayintech
Product
cms-20
CPEs
  • cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.cayintech
Product
cms-60
CPEs
  • cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.cayintech
Product
cms-se
CPEs
  • cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.cayintech
Product
cms-se\(18.04\)
CPEs
  • cpe:2.3:h:cayintech:cms-se\(18.04\):11.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.cayintech
Product
cms-se\(22.04\)
CPEs
  • cpe:2.3:h:cayintech:cms-se\(22.04\):11.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 11.0
Vendor
CAYIN Technology Co.cayintech
Product
smp-8100
CPEs
  • cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 4.0
Vendor
CAYIN Technology Co.cayintech
Product
smp-2400
CPEs
  • cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 4.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found