{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0716", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-19T07:10:13.648Z", "datePublished": "2024-01-19T15:00:05.792Z", "dateUpdated": "2024-10-21T11:31:56.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-09T08:34:26.803Z"}, "title": "Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Information Disclosure"}]}], "affected": [{"vendor": "Byzoro", "product": "Smart S150 Management Platform", "versions": [{"version": "V31R02B15", "status": "affected"}], "modules": ["Backup File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Byzoro Smart S150 Management Platform V31R02B15 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /log/download.php der Komponente Backup File Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-01-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-19T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-09T09:07:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rollingchair (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150  Smart V31R02B15 Download any file", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.779Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150  Smart V31R02B15 Download any file", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit", "x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "affected": [{"vendor": "byzoro", "product": "smart_s150", "cpes": ["cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "V31R02B15", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-22T15:24:13.454422Z", "id": "CVE-2024-0716", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T11:31:56.228Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150  Smart V31R02B15 Download any file", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.779Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0716", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-22T15:24:13.454422Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*"], "vendor": "byzoro", "product": "smart_s150", "versions": [{"status": "affected", "version": "V31R02B15"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T11:30:31.681Z"}}], "cna": {"title": "Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "rollingchair (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "Byzoro", "modules": ["Backup File Handler"], "product": "Smart S150 Management Platform", "versions": [{"status": "affected", "version": "V31R02B15"}]}], "timeline": [{"lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2024-01-19T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-09T09:07:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150  Smart V31R02B15 Download any file", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Byzoro Smart S150 Management Platform V31R02B15 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /log/download.php der Komponente Backup File Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Information Disclosure"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-09T08:34:26.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0716", "state": "PUBLISHED", "dateUpdated": "2024-10-21T11:31:56.228Z", "dateReserved": "2024-01-19T07:10:13.648Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-19T15:00:05.792Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*", "matchCriteriaId": "4D9EB833-E3F1-479D-A904-FA45CFF7EAA8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", "matchCriteriaId": "8933946D-BF4C-4F40-8752-D4D6A371BE6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Beijing Baichuo Smart S150 Management Platform V31R02B15 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /log/download.php del componente Backup File Handler es afectada por una funci\u00f3n desconocida. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251541. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-0716", "lastModified": "2024-11-21T08:47:12.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T15:15:09.240", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251541"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251541"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.265177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?submit.265177"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}