PT-2023-6727 · Dahua · Dahua Smart Parking Management
Qiuhui
·
Publicado
2023-07-22
·
Atualizado
2024-05-17
·
CVE-2023-3836
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dahua Smart Park Management versions up to 20230713
Description
The issue is related to an unrestricted file upload vulnerability in the /emap/devicePoint addImgIco?hasSubsystem=true file, which can be exploited remotely. This vulnerability allows an attacker to execute arbitrary code. The manipulation of the
upload argument leads to this unrestricted upload. The exploit has been disclosed to the public and may be used.Recommendations
For versions up to 20230713, as a temporary workaround, consider restricting access to the /emap/devicePoint addImgIco?hasSubsystem=true endpoint to minimize the risk of exploitation. Avoid using the
upload argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dahua Smart Parking Management