Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for noderp by shanxi_tianneng_technology

    CVE-2024-1006 (GCVE-0-2024-1006)

    Vulnerability from nvd – Published: 2024-01-29 15:31 – Updated: 2025-05-29 15:09
    VLAI
    Title
    Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication
    Summary
    A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252275 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.252275 signaturepermissions-required
    https://note.zhaoj.in/share/vWuVlU2eg79t broken-linkexploit
    Impacted products
    Vendor Product Version
    Shanxi Diankeyun Technology NODERP Affected: 6.0.0
    Affected: 6.0.1
    Affected: 6.0.2
    Create a notification for this product.
    Credits
    glzjin (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252275"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252275"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://note.zhaoj.in/share/vWuVlU2eg79t"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:43:18.782325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:09:16.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Cookie Handler"
              ],
              "product": "NODERP",
              "vendor": "Shanxi Diankeyun Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "glzjin (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Shanxi Diankeyun Technology NODERP bis 6.0.2 gefunden. Davon betroffen ist unbekannter Code der Datei application/index/common.php der Komponente Cookie Handler. Dank Manipulation des Arguments Nod_User_Id/Nod_User_Token mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T19:13:07.144Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.252275"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252275"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://note.zhaoj.in/share/vWuVlU2eg79t"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-29T08:08:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1006",
        "datePublished": "2024-01-29T15:31:04.204Z",
        "dateReserved": "2024-01-29T07:03:38.802Z",
        "dateUpdated": "2025-05-29T15:09:16.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1005 (GCVE-0-2024-1005)

    Vulnerability from nvd – Published: 2024-01-29 15:00 – Updated: 2024-08-29 19:06
    VLAI
    Title
    Shanxi Diankeyun Technology NODERP log file access
    Summary
    A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252274 vdb-entry
    https://vuldb.com/?ctiid.252274 signaturepermissions-required
    https://note.zhaoj.in/share/M9ERphWTXUPj broken-linkexploit
    Impacted products
    Vendor Product Version
    Shanxi Diankeyun Technology NODERP Affected: 6.0.0
    Affected: 6.0.1
    Affected: 6.0.2
    Create a notification for this product.
    Credits
    glzjin (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252274"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252274"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://note.zhaoj.in/share/M9ERphWTXUPj"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1005",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T19:04:28.265367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:06:37.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NODERP",
              "vendor": "Shanxi Diankeyun Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "glzjin (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Shanxi Diankeyun Technology NODERP bis 6.0.2 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /runtime/log. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T19:12:47.784Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.252274"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252274"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://note.zhaoj.in/share/M9ERphWTXUPj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-29T08:08:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shanxi Diankeyun Technology NODERP log file access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1005",
        "datePublished": "2024-01-29T15:00:08.394Z",
        "dateReserved": "2024-01-29T07:03:36.764Z",
        "dateUpdated": "2024-08-29T19:06:37.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1006 (GCVE-0-2024-1006)

    Vulnerability from cvelistv5 – Published: 2024-01-29 15:31 – Updated: 2025-05-29 15:09
    VLAI
    Title
    Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication
    Summary
    A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252275 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.252275 signaturepermissions-required
    https://note.zhaoj.in/share/vWuVlU2eg79t broken-linkexploit
    Impacted products
    Vendor Product Version
    Shanxi Diankeyun Technology NODERP Affected: 6.0.0
    Affected: 6.0.1
    Affected: 6.0.2
    Create a notification for this product.
    Credits
    glzjin (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252275"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252275"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://note.zhaoj.in/share/vWuVlU2eg79t"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:43:18.782325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:09:16.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Cookie Handler"
              ],
              "product": "NODERP",
              "vendor": "Shanxi Diankeyun Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "glzjin (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Shanxi Diankeyun Technology NODERP bis 6.0.2 gefunden. Davon betroffen ist unbekannter Code der Datei application/index/common.php der Komponente Cookie Handler. Dank Manipulation des Arguments Nod_User_Id/Nod_User_Token mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T19:13:07.144Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.252275"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252275"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://note.zhaoj.in/share/vWuVlU2eg79t"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-29T08:08:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shanxi Diankeyun Technology NODERP Cookie common.php improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1006",
        "datePublished": "2024-01-29T15:31:04.204Z",
        "dateReserved": "2024-01-29T07:03:38.802Z",
        "dateUpdated": "2025-05-29T15:09:16.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1005 (GCVE-0-2024-1005)

    Vulnerability from cvelistv5 – Published: 2024-01-29 15:00 – Updated: 2024-08-29 19:06
    VLAI
    Title
    Shanxi Diankeyun Technology NODERP log file access
    Summary
    A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.252274 vdb-entry
    https://vuldb.com/?ctiid.252274 signaturepermissions-required
    https://note.zhaoj.in/share/M9ERphWTXUPj broken-linkexploit
    Impacted products
    Vendor Product Version
    Shanxi Diankeyun Technology NODERP Affected: 6.0.0
    Affected: 6.0.1
    Affected: 6.0.2
    Create a notification for this product.
    Credits
    glzjin (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.252274"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.252274"
              },
              {
                "tags": [
                  "broken-link",
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://note.zhaoj.in/share/M9ERphWTXUPj"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1005",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T19:04:28.265367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T19:06:37.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NODERP",
              "vendor": "Shanxi Diankeyun Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "glzjin (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Shanxi Diankeyun Technology NODERP bis 6.0.2 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /runtime/log. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T19:12:47.784Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.252274"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.252274"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://note.zhaoj.in/share/M9ERphWTXUPj"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-29T08:08:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Shanxi Diankeyun Technology NODERP log file access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1005",
        "datePublished": "2024-01-29T15:00:08.394Z",
        "dateReserved": "2024-01-29T07:03:36.764Z",
        "dateUpdated": "2024-08-29T19:06:37.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }