Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Mobile One Time Password by CHANGING

    CVE-2024-3123 (GCVE-0-2024-3123)

    Vulnerability from nvd – Published: 2024-07-01 02:52 – Updated: 2024-08-01 19:32
    VLAI
    Title
    CHANGING Mobile One Time Password - Arbitrary File Upload
    Summary
    CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING Mobile One Time Password Affected: 3.11 , ≤ 3.11.3 (custom)
    Create a notification for this product.
    changingtec mobile_one_time_password Affected: 3.11 , ≤ 3.11.3 (custom)
        cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-01 02:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mobile_one_time_password",
                "vendor": "changingtec",
                "versions": [
                  {
                    "lessThanOrEqual": "3.11.3",
                    "status": "affected",
                    "version": "3.11",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T14:09:05.509944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:21:02.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mobile One Time Password",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "3.11.3",
                  "status": "affected",
                  "version": "3.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-01T02:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
                }
              ],
              "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T02:52:34.721Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
                }
              ],
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "source": {
            "advisory": "TVN-202407002",
            "discovery": "EXTERNAL"
          },
          "title": "CHANGING Mobile One Time Password - Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-3123",
        "datePublished": "2024-07-01T02:52:34.721Z",
        "dateReserved": "2024-04-01T03:08:28.782Z",
        "dateUpdated": "2024-08-01T19:32:42.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3122 (GCVE-0-2024-3122)

    Vulnerability from nvd – Published: 2024-07-01 02:39 – Updated: 2024-08-01 19:32
    VLAI
    Title
    CHANGING Mobile One Time Password - Arbitrary File Reading
    Summary
    CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING Mobile One Time Password Affected: earlier , ≤ 3.11.2 (custom)
    Create a notification for this product.
    Date Public
    2024-07-01 02:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3122",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T13:16:57.518916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-01T13:17:07.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mobile One Time Password",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "3.11.2",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-01T02:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
                }
              ],
              "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T02:39:14.560Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
                }
              ],
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "source": {
            "advisory": "TVN-202407001",
            "discovery": "EXTERNAL"
          },
          "title": "CHANGING Mobile One Time Password - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-3122",
        "datePublished": "2024-07-01T02:39:14.560Z",
        "dateReserved": "2024-04-01T02:01:30.133Z",
        "dateUpdated": "2024-08-01T19:32:42.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3123 (GCVE-0-2024-3123)

    Vulnerability from cvelistv5 – Published: 2024-07-01 02:52 – Updated: 2024-08-01 19:32
    VLAI
    Title
    CHANGING Mobile One Time Password - Arbitrary File Upload
    Summary
    CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING Mobile One Time Password Affected: 3.11 , ≤ 3.11.3 (custom)
    Create a notification for this product.
    changingtec mobile_one_time_password Affected: 3.11 , ≤ 3.11.3 (custom)
        cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-01 02:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mobile_one_time_password",
                "vendor": "changingtec",
                "versions": [
                  {
                    "lessThanOrEqual": "3.11.3",
                    "status": "affected",
                    "version": "3.11",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T14:09:05.509944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:21:02.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mobile One Time Password",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "3.11.3",
                  "status": "affected",
                  "version": "3.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-01T02:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
                }
              ],
              "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-650",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-650 Upload a Web Shell to a Web Server"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T02:52:34.721Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
                }
              ],
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "source": {
            "advisory": "TVN-202407002",
            "discovery": "EXTERNAL"
          },
          "title": "CHANGING Mobile One Time Password - Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-3123",
        "datePublished": "2024-07-01T02:52:34.721Z",
        "dateReserved": "2024-04-01T03:08:28.782Z",
        "dateUpdated": "2024-08-01T19:32:42.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3122 (GCVE-0-2024-3122)

    Vulnerability from cvelistv5 – Published: 2024-07-01 02:39 – Updated: 2024-08-01 19:32
    VLAI
    Title
    CHANGING Mobile One Time Password - Arbitrary File Reading
    Summary
    CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING Mobile One Time Password Affected: earlier , ≤ 3.11.2 (custom)
    Create a notification for this product.
    Date Public
    2024-07-01 02:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3122",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-01T13:16:57.518916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-01T13:17:07.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.703Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Mobile One Time Password",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "3.11.2",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-01T02:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
                }
              ],
              "value": "CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T02:39:14.560Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
                }
              ],
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "source": {
            "advisory": "TVN-202407001",
            "discovery": "EXTERNAL"
          },
          "title": "CHANGING Mobile One Time Password - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-3122",
        "datePublished": "2024-07-01T02:39:14.560Z",
        "dateReserved": "2024-04-01T02:01:30.133Z",
        "dateUpdated": "2024-08-01T19:32:42.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }