4 vulnerabilities by CAYIN Technology
CVE-2024-7729 (GCVE-0-2024-7729)
Vulnerability from cvelistv5 – Published: 2024-08-14 03:52 – Updated: 2024-08-16 15:46
Title
CAYIN Technology CMS - Sensitive File Download
Summary
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
Severity
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner: twcert
References
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html | third-party-advisory |
| https://resource1.cayintech.com/patch/ | patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| CAYIN Technology | SMP-2100 | Affected: 3.0 |
| CAYIN Technology | SMP-2200 | Affected: 3.0, ≤ 4.0 (custom) |
| CAYIN Technology | SMP-2210 | Affected: 3.0, ≤ 4.0 (custom) |
| CAYIN Technology | SMP-2300 | Affected: 3.0, ≤ 4.0 (custom) |
| CAYIN Technology | SMP-2310 | Affected: 3.0, ≤ 4.0 (custom) |
| CAYIN Technology | SMP-6000 | Affected: 3.0 |
| CAYIN Technology | SMP-8000 | Affected: 3.0 |
| CAYIN Technology | SMP-8000QD | Affected: 3.0 |
| CAYIN Technology | CMS-20 | Affected: 11.0 |
| CAYIN Technology | CMS-60 | Affected: 11.0 |
| CAYIN Technology | CMS-SE | Affected: 11.0 |
| CAYIN Technology | CMS-SE(18.04) | Affected: 11.0 |
| CAYIN Technology | CMS-SE(22.04) | Affected: 11.0 |
| CAYIN Technology | SMP-8100 | Affected: 4.0 |
| CAYIN Technology | SMP-2400 | Affected: 4.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2200",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2210",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2300",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2310",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-6000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000qd",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-20",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-60",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(18.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(22.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2400",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:25:14.308294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:19.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-20",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-60",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(18.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(22.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2400",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"datePublic": "2024-08-14T03:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T03:52:43.673Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"
},
{
"tags": [
"patch"
],
"url": "https://resource1.cayintech.com/patch/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24012 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2100 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-6000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000QD v3.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24006 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-20 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-60 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(18.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24007 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(22.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall 
patch P24008 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8100 v4.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24009 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2400 v4.0\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Install patch P24012 or later for following versions\uff1a\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions\uff1a\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions\uff1a\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions\uff1a\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions\uff1a\nSMP-2400 v4.0"
}
],
"source": {
"advisory": "TVN-202408004",
"discovery": "EXTERNAL"
},
"title": "CAYIN Technology CMS - Sensitive File Download",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7729",
"datePublished": "2024-08-14T03:52:43.673Z",
"dateReserved": "2024-08-13T06:08:30.865Z",
"dateUpdated": "2024-08-16T15:46:19.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7728 (GCVE-0-2024-7728)
Vulnerability from cvelistv5 – Published: 2024-08-14 03:26 – Updated: 2024-08-14 13:51
Title
CAYIN Technology CMS - OS Command Injection
Summary
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.
Severity
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner: twcert
References
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-139-8002-b6167-2.html | third-party-advisory |
| https://www.twcert.org.tw/tw/cp-132-8001-8416d-1.html | third-party-advisory |
| https://resource1.cayintech.com/patch/ | patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| CAYIN Technology | CMS-SE(22.04) | Affected: 11.0 |
| CAYIN Technology | CMS-SE(18.04) | Affected: 11.0 |
| CAYIN Technology | CMS-SE | Affected: 11.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(22.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(18.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:21:24.823282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:51:41.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS-SE(22.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(18.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
}
],
"datePublic": "2024-08-14T03:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server."
}
],
"value": "The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T03:53:12.781Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8002-b6167-2.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8001-8416d-1.html"
},
{
"tags": [
"patch"
],
"url": "https://resource1.cayintech.com/patch/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For CMS-SE(22.04) v11.0, install patch P23005 or later. \u003cbr\u003eFor CMS-SE(18.04) v11.0, install patch P23006 or later. \u003cbr\u003eFor CMS-SE v11.0, Install patch P23007 or later.\u003cbr\u003e"
}
],
"value": "For CMS-SE(22.04) v11.0, install patch P23005 or later. \nFor CMS-SE(18.04) v11.0, install patch P23006 or later. \nFor CMS-SE v11.0, Install patch P23007 or later."
}
],
"source": {
"advisory": "TVN-202408003",
"discovery": "EXTERNAL"
},
"title": "CAYIN Technology CMS - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7728",
"datePublished": "2024-08-14T03:26:50.771Z",
"dateReserved": "2024-08-13T06:08:29.077Z",
"dateUpdated": "2024-08-14T13:51:41.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7357 (GCVE-0-2020-7357)
Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:12
Title
Cayin CMS Command Injection
Summary
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CMS-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
Severity
9.6 (Critical)
CWE
- CWE-78 - OS Command Injection
Assigner: rapid7
References
| URL | Tags |
|---|---|
| https://github.com/rapid7/metasploit-framework/pull/13607 | x_refsource_MISC |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 | vendor-advisory, x_refsource_IBM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cayin Technology | Cayin CMS-SE | Affected: 11.0 Build 19179, ≤ 11.0 Build 19179 (custom) |
| Cayin Technology | Cayin CMS-60 | Affected: 11.0 Build 19025, ≤ 11.0 Build 19025 (custom) |
| Cayin Technology | Cayin CMS-40 | Affected: 9.0 Build 14917, ≤ 9.0 Build 14917 (custom) |
| Cayin Technology | Cayin CMS-20 | Affected: 9.0 Build 14917, ≤ 9.0 Build 14917 (custom) |
| Cayin Technology | Cayin CMS | Affected: 8.2 Build 12199; Affected: 8.0 Build 11175; Affected: 7.5 Build 11175 |
Credits
This issue was discovered by Gjoko Krstic of Zero Science Lab.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
},
{
"tags": [
"vendor-advisory",
"x_refsource_IBM",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cayin CMS-SE",
"vendor": "Cayin Technology",
"versions": [
{
"lessThanOrEqual": "11.0 Build 19179",
"status": "affected",
"version": "11.0 Build 19179",
"versionType": "custom"
}
]
},
{
"product": "Cayin CMS-60",
"vendor": "Cayin Technology",
"versions": [
{
"lessThanOrEqual": "11.0 Build 19025",
"status": "affected",
"version": "11.0 Build 19025",
"versionType": "custom"
}
]
},
{
"product": "Cayin CMS-40",
"vendor": "Cayin Technology",
"versions": [
{
"lessThanOrEqual": "9.0 Build 14917",
"status": "affected",
"version": "9.0 Build 14917",
"versionType": "custom"
}
]
},
{
"product": "Cayin CMS-20",
"vendor": "Cayin Technology",
"versions": [
{
"lessThanOrEqual": "9.0 Build 14917",
"status": "affected",
"version": "9.0 Build 14917",
"versionType": "custom"
}
]
},
{
"product": "Cayin CMS",
"vendor": "Cayin Technology",
"versions": [
{
"status": "affected",
"version": "8.2 Build 12199"
},
{
"status": "affected",
"version": "8.0 Build 11175"
},
{
"status": "affected",
"version": "7.5 Build 11175"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"datePublic": "2020-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the \u0027NTP_Server_IP\u0027 HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T15:45:28",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
},
{
"tags": [
"vendor-advisory",
"x_refsource_IBM"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cayin CMS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
"ID": "CVE-2020-7357",
"STATE": "PUBLIC",
"TITLE": "Cayin CMS Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cayin CMS-SE",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "11.0 Build 19179",
"version_value": "11.0 Build 19179"
}
]
}
},
{
"product_name": "Cayin CMS-60",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "11.0 Build 19025",
"version_value": "11.0 Build 19025"
}
]
}
},
{
"product_name": "Cayin CMS-40",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0 Build 14917",
"version_value": "9.0 Build 14917"
}
]
}
},
{
"product_name": "Cayin CMS-20",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "9.0 Build 14917",
"version_value": "9.0 Build 14917"
}
]
}
},
{
"product_name": "Cayin CMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "8.2 Build 12199",
"version_value": "8.2 Build 12199"
},
{
"version_affected": "=",
"version_name": "8.0 Build 11175",
"version_value": "8.0 Build 11175"
},
{
"version_affected": "=",
"version_name": "7.5 Build 11175",
"version_value": "7.5 Build 11175"
}
]
}
}
]
},
"vendor_name": "Cayin Technology"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the \u0027NTP_Server_IP\u0027 HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13607",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
},
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925",
"refsource": "IBM",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7357",
"datePublished": "2020-08-06T15:45:28.433116Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:12:42.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7356 (GCVE-0-2020-7356)
Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
Title
Cayin xPost SQL Injection
Summary
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
Severity
10 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner: rapid7
References
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php | x_refsource_MISC |
| https://github.com/rapid7/metasploit-framework/pull/13607 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cayin Technology | Cayin xPost | Affected: 2.5.18103; Affected: 2.0; Affected: 1.0 |
Credits
This issue was discovered by Gjoko Krstic of Zero Science Lab.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cayin xPost",
"vendor": "Cayin Technology",
"versions": [
{
"status": "affected",
"version": "2.5.18103"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"datePublic": "2020-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T15:45:27",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cayin xPost SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
"ID": "CVE-2020-7356",
"STATE": "PUBLIC",
"TITLE": "Cayin xPost SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cayin xPost",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.5.18103",
"version_value": "2.5.18103"
},
{
"version_affected": "=",
"version_name": "2.0",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Cayin Technology"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13607",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7356",
"datePublished": "2020-08-06T15:45:28.016670Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:37:28.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}