{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7729","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2024-08-13T06:08:30.865Z","datePublished":"2024-08-14T03:52:43.673Z","dateUpdated":"2024-08-16T15:46:19.420Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SMP-2100","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"3.0"}]},{"defaultStatus":"unaffected","product":"SMP-2200","vendor":"CAYIN Technology","versions":[{"lessThanOrEqual":"4.0","status":"affected","version":"3.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"SMP-2210","vendor":"CAYIN Technology","versions":[{"lessThanOrEqual":"4.0","status":"affected","version":"3.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"SMP-2300","vendor":"CAYIN Technology","versions":[{"lessThanOrEqual":"4.0","status":"affected","version":"3.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"SMP-2310","vendor":"CAYIN Technology","versions":[{"lessThanOrEqual":"4.0","status":"affected","version":"3.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"SMP-6000","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"3.0"}]},{"defaultStatus":"unaffected","product":"SMP-8000","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"3.0"}]},{"defaultStatus":"unaffected","product":"SMP-8000QD","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"3.0"}]},{"defaultStatus":"unaffected","product":"CMS-20","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"11.0"}]},{"defaultStatus":"unaffected","product":"CMS-60","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"11.0"}]},{"defaultStatus":"unaffected","product":"CMS-SE","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"11.0"}]},{"defaultStatus":"unaffected","product":"CMS-SE(18.04)","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"11.0"}]},{"defaultStatus":"unaffected","product":"CMS-SE(22.04)","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"11.0"}]},{"defaultStatus":"unaffected","product":"SMP-8100","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"4.0"}]},{"defaultStatus":"unaffected","product":"SMP-2400","vendor":"CAYIN Technology","versions":[{"status":"affected","version":"4.0"}]}],"datePublic":"2024-08-14T03:29:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."}],"value":"The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."}],"impacts":[{"capecId":"CAPEC-497","descriptions":[{"lang":"en","value":"CAPEC-497 File Discovery"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2024-08-14T03:52:43.673Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"},{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"},{"tags":["patch"],"url":"https://resource1.cayintech.com/patch/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Install patch P24012 or later for following versions：</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2100 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2200 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2210 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2300 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2310 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-6000 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-8000 v3.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-8000QD v3.0</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Install patch P24006 or later for following versions：</span><br><span style=\"background-color: rgb(255, 255, 255);\">CMS-20 v11.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">CMS-60 v11.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">CMS-SE v11.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">CMS-SE(18.04) v11.0</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Install patch P24007 or later for following versions：</span><br><span style=\"background-color: rgb(255, 255, 255);\">CMS-SE(22.04) v11.0</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Install patch P24008 or later for following versions：</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2200 v4.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2210 v4.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2300 v4.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2310 v4.0</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-8100 v4.0</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">Install patch P24009 or later for following versions：</span><br><span style=\"background-color: rgb(255, 255, 255);\">SMP-2400 v4.0</span>\n\n<br>"}],"value":"Install patch P24012 or later for following versions：\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions：\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions：\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions：\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions：\nSMP-2400 v4.0"}],"source":{"advisory":"TVN-202408004","discovery":"EXTERNAL"},"title":"CAYIN Technology CMS - Sensitive File Download","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"cayintech","product":"smp-2100","cpes":["cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected"}]},{"vendor":"cayintech","product":"smp-2200","cpes":["cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected","lessThanOrEqual":"4.0","versionType":"custom"}]},{"vendor":"cayintech","product":"smp-2210","cpes":["cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected","lessThanOrEqual":"4.0","versionType":"custom"}]},{"vendor":"cayintech","product":"smp-2300","cpes":["cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected","lessThanOrEqual":"4.0","versionType":"custom"}]},{"vendor":"cayintech","product":"smp-2310","cpes":["cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected","lessThanOrEqual":"4.0","versionType":"custom"}]},{"vendor":"cayintech","product":"smp-6000","cpes":["cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected"}]},{"vendor":"cayintech","product":"smp-8000","cpes":["cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected"}]},{"vendor":"cayintech","product":"smp-8000qd","cpes":["cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected"}]},{"vendor":"cayintech","product":"cms-20","cpes":["cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"11.0","status":"affected"}]},{"vendor":"cayintech","product":"cms-60","cpes":["cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"11.0","status":"affected"}]},{"vendor":"cayintech","product":"cms-se","cpes":["cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"11.0","status":"affected"}]},{"vendor":"cayintech","product":"cms-se\\(18.04\\)","cpes":["cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"11.0","status":"affected"}]},{"vendor":"cayintech","product":"cms-se\\(22.04\\)","cpes":["cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"11.0","status":"affected"}]},{"vendor":"cayintech","product":"smp-8100","cpes":["cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.0","status":"affected"}]},{"vendor":"cayintech","product":"smp-2400","cpes":["cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-16T15:25:14.308294Z","id":"CVE-2024-7729","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-16T15:46:19.420Z"}}]}}