Search
Find a vulnerability
Search criteria
4 vulnerabilities found for SMP-2200 by CAYIN Technology
CVE-2020-36910 (GCVE-0-2020-36910)
Vulnerability from nvd – Published: 2026-01-06 15:52 – Updated: 2026-01-06 19:32
VLAI
Title
Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Summary
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48557 | exploit |
| https://www.cayintech.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstorm.news/files/id/157942 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://cxsecurity.com/issue/WLB-2020060049 | exploit |
| https://www.vulncheck.com/advisories/cayin-signag… | third-party-advisory |
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0 Build 19025
Affected: 1.0 Build 14246 Affected: 1.0 Build 14199 Affected: 1.0 Build 14167 Affected: 1.0 Build 14097 Affected: 1.0 Build 14090 Affected: 1.0 Build 14069 Affected: 1.0 Build 14062 |
|
| CAYIN Technology | SMP-4000 |
Affected:
1.0 Build 14098
Affected: 1.0 Build 14092 Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 Build 19316
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 Build 19025
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 Build 19029
Affected: 3.0 Build 19025 |
|
| CAYIN Technology | SMP-2100 |
Affected:
10.0 Build 16228
Affected: 3.0 |
|
| CAYIN Technology | SMP-2000 |
Affected:
1.0 Build 14167
Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-1000 |
Affected:
1.0 Build 14099
|
|
| CAYIN Technology | SMP-PROPLUS |
Affected:
1.5 Build 10081
|
|
| CAYIN Technology | SMP-WEBPLUS |
Affected:
6.5 Build 11126
|
|
| CAYIN Technology | SMP-WEB4 |
Affected:
2.0 Build 13073
Affected: 2.0 Build 11175 Affected: 1.5 Build 11476 Affected: 1.5 Build 11126 Affected: 1.0 Build 10301 |
|
| CAYIN Technology | SMP-300 |
Affected:
1.0 Build 14177
|
|
| CAYIN Technology | SMP-200 |
Affected:
1.0 Build 13080
Affected: 1.0 Build 12331 |
|
| CAYIN Technology | SMP-PRO4 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO2 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO |
Affected:
1.0
|
Date Public
2020-06-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:31:33.067714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:32:13.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
},
{
"status": "affected",
"version": "1.0 Build 14246"
},
{
"status": "affected",
"version": "1.0 Build 14199"
},
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14097"
},
{
"status": "affected",
"version": "1.0 Build 14090"
},
{
"status": "affected",
"version": "1.0 Build 14069"
},
{
"status": "affected",
"version": "1.0 Build 14062"
}
]
},
{
"product": "SMP-4000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14098"
},
{
"status": "affected",
"version": "1.0 Build 14092"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19316"
}
]
},
{
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19029"
},
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "10.0 Build 16228"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-1000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14099"
}
]
},
{
"product": "SMP-PROPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.5 Build 10081"
}
]
},
{
"product": "SMP-WEBPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "6.5 Build 11126"
}
]
},
{
"product": "SMP-WEB4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "2.0 Build 13073"
},
{
"status": "affected",
"version": "2.0 Build 11175"
},
{
"status": "affected",
"version": "1.5 Build 11476"
},
{
"status": "affected",
"version": "1.5 Build 11126"
},
{
"status": "affected",
"version": "1.0 Build 10301"
}
]
},
{
"product": "SMP-300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14177"
}
]
},
{
"product": "SMP-200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 13080"
},
{
"status": "affected",
"version": "1.0 Build 12331"
}
]
},
{
"product": "SMP-PRO4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO2",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the \u0027NTP_Server_IP\u0027 parameter with default credentials to execute arbitrary shell commands as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:22.576Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48557",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48557"
},
{
"name": "Cayin Technology Official Website",
"tags": [
"product"
],
"url": "https://www.cayintech.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5569)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/157942"
},
{
"name": "IBM X-Force Vulnerability Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182924"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2020060049"
},
{
"name": "VulnCheck Advisory: Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter"
}
],
"title": "Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36910",
"datePublished": "2026-01-06T15:52:22.576Z",
"dateReserved": "2026-01-03T14:10:13.300Z",
"dateUpdated": "2026-01-06T19:32:13.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7729 (GCVE-0-2024-7729)
Vulnerability from nvd – Published: 2024-08-14 03:52 – Updated: 2024-08-16 15:46
VLAI
Title
CAYIN Technology CMS - Sensitive File Download
Summary
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html | third-party-advisory |
| https://resource1.cayintech.com/patch/ | patch |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-2100 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | CMS-20 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-60 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(18.04) |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(22.04) |
Affected:
11.0
|
|
| CAYIN Technology | SMP-8100 |
Affected:
4.0
|
|
| CAYIN Technology | SMP-2400 |
Affected:
4.0
|
|
| cayintech | smp-2100 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:* |
|
| cayintech | smp-6000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000qd |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:* |
|
| cayintech | cms-20 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-60 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(18.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(18.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(22.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(22.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8100 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2400 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:* |
Date Public
2024-08-14 03:29
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2200",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2210",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2300",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2310",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-6000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000qd",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-20",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-60",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(18.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(22.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2400",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:25:14.308294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:19.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-20",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-60",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(18.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(22.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2400",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"datePublic": "2024-08-14T03:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T03:52:43.673Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"
},
{
"tags": [
"patch"
],
"url": "https://resource1.cayintech.com/patch/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24012 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2100 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-6000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000QD v3.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24006 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-20 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-60 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(18.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24007 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(22.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24008 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8100 v4.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24009 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2400 v4.0\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Install patch P24012 or later for following versions\uff1a\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions\uff1a\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions\uff1a\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions\uff1a\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions\uff1a\nSMP-2400 v4.0"
}
],
"source": {
"advisory": "TVN-202408004",
"discovery": "EXTERNAL"
},
"title": "CAYIN Technology CMS - Sensitive File Download",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7729",
"datePublished": "2024-08-14T03:52:43.673Z",
"dateReserved": "2024-08-13T06:08:30.865Z",
"dateUpdated": "2024-08-16T15:46:19.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36910 (GCVE-0-2020-36910)
Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 19:32
VLAI
Title
Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Summary
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/48557 | exploit |
| https://www.cayintech.com | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstorm.news/files/id/157942 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| https://cxsecurity.com/issue/WLB-2020060049 | exploit |
| https://www.vulncheck.com/advisories/cayin-signag… | third-party-advisory |
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0 Build 19025
Affected: 1.0 Build 14246 Affected: 1.0 Build 14199 Affected: 1.0 Build 14167 Affected: 1.0 Build 14097 Affected: 1.0 Build 14090 Affected: 1.0 Build 14069 Affected: 1.0 Build 14062 |
|
| CAYIN Technology | SMP-4000 |
Affected:
1.0 Build 14098
Affected: 1.0 Build 14092 Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 Build 19316
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 Build 19025
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 Build 19029
Affected: 3.0 Build 19025 |
|
| CAYIN Technology | SMP-2100 |
Affected:
10.0 Build 16228
Affected: 3.0 |
|
| CAYIN Technology | SMP-2000 |
Affected:
1.0 Build 14167
Affected: 1.0 Build 14087 |
|
| CAYIN Technology | SMP-1000 |
Affected:
1.0 Build 14099
|
|
| CAYIN Technology | SMP-PROPLUS |
Affected:
1.5 Build 10081
|
|
| CAYIN Technology | SMP-WEBPLUS |
Affected:
6.5 Build 11126
|
|
| CAYIN Technology | SMP-WEB4 |
Affected:
2.0 Build 13073
Affected: 2.0 Build 11175 Affected: 1.5 Build 11476 Affected: 1.5 Build 11126 Affected: 1.0 Build 10301 |
|
| CAYIN Technology | SMP-300 |
Affected:
1.0 Build 14177
|
|
| CAYIN Technology | SMP-200 |
Affected:
1.0 Build 13080
Affected: 1.0 Build 12331 |
|
| CAYIN Technology | SMP-PRO4 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO2 |
Affected:
1.0
|
|
| CAYIN Technology | SMP-NEO |
Affected:
1.0
|
Date Public
2020-06-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:31:33.067714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:32:13.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
},
{
"status": "affected",
"version": "1.0 Build 14246"
},
{
"status": "affected",
"version": "1.0 Build 14199"
},
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14097"
},
{
"status": "affected",
"version": "1.0 Build 14090"
},
{
"status": "affected",
"version": "1.0 Build 14069"
},
{
"status": "affected",
"version": "1.0 Build 14062"
}
]
},
{
"product": "SMP-4000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14098"
},
{
"status": "affected",
"version": "1.0 Build 14092"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19316"
}
]
},
{
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0 Build 19029"
},
{
"status": "affected",
"version": "3.0 Build 19025"
}
]
},
{
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "10.0 Build 16228"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "SMP-2000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14167"
},
{
"status": "affected",
"version": "1.0 Build 14087"
}
]
},
{
"product": "SMP-1000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14099"
}
]
},
{
"product": "SMP-PROPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.5 Build 10081"
}
]
},
{
"product": "SMP-WEBPLUS",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "6.5 Build 11126"
}
]
},
{
"product": "SMP-WEB4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "2.0 Build 13073"
},
{
"status": "affected",
"version": "2.0 Build 11175"
},
{
"status": "affected",
"version": "1.5 Build 11476"
},
{
"status": "affected",
"version": "1.5 Build 11126"
},
{
"status": "affected",
"version": "1.0 Build 10301"
}
]
},
{
"product": "SMP-300",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 14177"
}
]
},
{
"product": "SMP-200",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0 Build 13080"
},
{
"status": "affected",
"version": "1.0 Build 12331"
}
]
},
{
"product": "SMP-PRO4",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO2",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"product": "SMP-NEO",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2020-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the \u0027NTP_Server_IP\u0027 parameter with default credentials to execute arbitrary shell commands as root."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T15:52:22.576Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48557",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48557"
},
{
"name": "Cayin Technology Official Website",
"tags": [
"product"
],
"url": "https://www.cayintech.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2020-5569)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5569.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/157942"
},
{
"name": "IBM X-Force Vulnerability Exchange",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182924"
},
{
"name": "CXSecurity Vulnerability Listing",
"tags": [
"exploit"
],
"url": "https://cxsecurity.com/issue/WLB-2020060049"
},
{
"name": "VulnCheck Advisory: Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cayin-signage-media-player-authenticated-remote-command-injection-via-ntp-parameter"
}
],
"title": "Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36910",
"datePublished": "2026-01-06T15:52:22.576Z",
"dateReserved": "2026-01-03T14:10:13.300Z",
"dateUpdated": "2026-01-06T19:32:13.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7729 (GCVE-0-2024-7729)
Vulnerability from cvelistv5 – Published: 2024-08-14 03:52 – Updated: 2024-08-16 15:46
VLAI
Title
CAYIN Technology CMS - Sensitive File Download
Summary
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html | third-party-advisory |
| https://resource1.cayintech.com/patch/ | patch |
Impacted products
30 products
| Vendor | Product | Version | |
|---|---|---|---|
| CAYIN Technology | SMP-2100 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
|
|
| CAYIN Technology | SMP-6000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000 |
Affected:
3.0
|
|
| CAYIN Technology | SMP-8000QD |
Affected:
3.0
|
|
| CAYIN Technology | CMS-20 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-60 |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(18.04) |
Affected:
11.0
|
|
| CAYIN Technology | CMS-SE(22.04) |
Affected:
11.0
|
|
| CAYIN Technology | SMP-8100 |
Affected:
4.0
|
|
| CAYIN Technology | SMP-2400 |
Affected:
4.0
|
|
| cayintech | smp-2100 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2200 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2210 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2300 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:* |
|
| cayintech | smp-2310 |
Affected:
3.0 , ≤ 4.0
(custom)
cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:* |
|
| cayintech | smp-6000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000 |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8000qd |
Affected:
3.0
cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:* |
|
| cayintech | cms-20 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-60 |
Affected:
11.0
cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(18.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(18.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | cms-se\(22.04\) |
Affected:
11.0
cpe:2.3:h:cayintech:cms-se\(22.04\):11.0:*:*:*:*:*:*:* |
|
| cayintech | smp-8100 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:* |
|
| cayintech | smp-2400 |
Affected:
4.0
cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:* |
Date Public
2024-08-14 03:29
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2100:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2200",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2210:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2210",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2300",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2310:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2310",
"vendor": "cayintech",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-6000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-6000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8000qd:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8000qd",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-20:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-20",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-60:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-60",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(18.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(18.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:cms-se\\(22.04\\):11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cms-se\\(22.04\\)",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-8100:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-8100",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:cayintech:smp-2400:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smp-2400",
"vendor": "cayintech",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:25:14.308294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:19.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SMP-2100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2200",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2210",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2300",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2310",
"vendor": "CAYIN Technology",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-6000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8000QD",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-20",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-60",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(18.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMS-SE(22.04)",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-8100",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SMP-2400",
"vendor": "CAYIN Technology",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"datePublic": "2024-08-14T03:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"value": "The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T03:52:43.673Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html"
},
{
"tags": [
"patch"
],
"url": "https://resource1.cayintech.com/patch/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24012 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2100 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-6000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000 v3.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8000QD v3.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24006 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-20 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-60 v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE v11.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(18.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24007 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCMS-SE(22.04) v11.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24008 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2200 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2210 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2300 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2310 v4.0\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-8100 v4.0\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall patch P24009 or later for following versions\uff1a\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSMP-2400 v4.0\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Install patch P24012 or later for following versions\uff1a\nSMP-2100 v3.0\nSMP-2200 v3.0\nSMP-2210 v3.0\nSMP-2300 v3.0\nSMP-2310 v3.0\nSMP-6000 v3.0\nSMP-8000 v3.0\nSMP-8000QD v3.0\n\nInstall patch P24006 or later for following versions\uff1a\nCMS-20 v11.0\nCMS-60 v11.0\nCMS-SE v11.0\nCMS-SE(18.04) v11.0\n\nInstall patch P24007 or later for following versions\uff1a\nCMS-SE(22.04) v11.0\n\nInstall patch P24008 or later for following versions\uff1a\nSMP-2200 v4.0\nSMP-2210 v4.0\nSMP-2300 v4.0\nSMP-2310 v4.0\nSMP-8100 v4.0\n\nInstall patch P24009 or later for following versions\uff1a\nSMP-2400 v4.0"
}
],
"source": {
"advisory": "TVN-202408004",
"discovery": "EXTERNAL"
},
"title": "CAYIN Technology CMS - Sensitive File Download",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-7729",
"datePublished": "2024-08-14T03:52:43.673Z",
"dateReserved": "2024-08-13T06:08:30.865Z",
"dateUpdated": "2024-08-16T15:46:19.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}