PT-2024-15773 · Beijing Baichuo · Beijing Baichuo Smart S150 Management Platform

Rollingchair

Published

2024-01-19

Updated

2024-05-17

CVE-2024-0712

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Beijing Baichuo Smart S150 Management Platform version V31R02B15

Description A critical issue has been found, affecting an unknown function of the file /useratte/inc/userattea.php. This leads to improper access controls, allowing remote attacks. The exploit has been publicly disclosed. The vendor was contacted about this issue but did not respond.

Recommendations For version V31R02B15, as a temporary workaround, consider restricting access to the file /useratte/inc/userattea.php until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2024-0712

Affected Products

Beijing Baichuo Smart S150 Management Platform

PT-2024-15773 · Beijing Baichuo · Beijing Baichuo Smart S150 Management Platform

CVE-2024-0712

Weakness Enumeration

Related Identifiers

Affected Products

References · 9