Search
Find a vulnerability
Search criteria
6 vulnerabilities by Anhui Deshun Intelligent Technology
CVE-2024-7921 (GCVE-0-2024-7921)
Vulnerability from nvd – Published: 2024-08-19 02:00 – Updated: 2024-08-19 14:36
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
Summary
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275071 | vdb-entry |
| https://vuldb.com/?ctiid.275071 | signaturepermissions-required |
| https://vuldb.com/?submit.387126 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/7d5eb025-1c… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| jieshun-tech | jielink\+ |
Affected:
0 , ≤ 20240805
(custom)
cpe:2.3:a:jieshun-tech:jielink\+:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jieshun-tech:jielink\\+:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jielink\\+",
"vendor": "jieshun-tech",
"versions": [
{
"lessThanOrEqual": "20240805",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7921",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:14:04.404295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:36:29.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /report/ParkOutRecord/GetDataList. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T02:00:09.824Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275071 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275071"
},
{
"name": "VDB-275071 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275071"
},
{
"name": "Submit #387126 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387126"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/7d5eb025-1c30-44b4-b609-61938f6d6c05"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7921",
"datePublished": "2024-08-19T02:00:09.824Z",
"dateReserved": "2024-08-18T19:13:34.362Z",
"dateUpdated": "2024-08-19T14:36:29.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7920 (GCVE-0-2024-7920)
Vulnerability from nvd – Published: 2024-08-19 00:00 – Updated: 2024-08-19 15:33
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control
Summary
A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275070 | vdb-entry |
| https://vuldb.com/?ctiid.275070 | signaturepermissions-required |
| https://vuldb.com/?submit.387125 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/123687c4-ff… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| anhui_deshun_intelligent_technology | jieshun_jielink_plus_jsotc2016 |
Affected:
20240805
cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink_plus_jsotc2016:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink_plus_jsotc2016:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jieshun_jielink_plus_jsotc2016",
"vendor": "anhui_deshun_intelligent_technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7920",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:29:31.455311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:33:17.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /Report/ParkCommon/GetParkInThroughDeivces. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T00:00:14.020Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275070 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275070"
},
{
"name": "VDB-275070 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275070"
},
{
"name": "Submit #387125 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387125"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/123687c4-ff4b-48e8-8299-6f4950a75af5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7920",
"datePublished": "2024-08-19T00:00:14.020Z",
"dateReserved": "2024-08-18T19:13:31.525Z",
"dateUpdated": "2024-08-19T15:33:17.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7919 (GCVE-0-2024-7919)
Vulnerability from nvd – Published: 2024-08-19 00:00 – Updated: 2024-08-19 13:36
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
Summary
A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275069 | vdb-entry |
| https://vuldb.com/?ctiid.275069 | signaturepermissions-required |
| https://vuldb.com/?submit.387124 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/fd390bd7-2d… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| anhui_deshun_intelligent_technology | jieshun_jielink\+ |
Affected:
jsotc2016 , < 20240805
(custom)
cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink\+:jsotc2016:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink\\+:jsotc2016:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jieshun_jielink\\+",
"vendor": "anhui_deshun_intelligent_technology",
"versions": [
{
"lessThan": "20240805",
"status": "affected",
"version": "jsotc2016",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:33.501354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:36:11.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /report/ParkChargeRecord/GetDataList. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T00:00:10.567Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275069 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275069"
},
{
"name": "VDB-275069 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275069"
},
{
"name": "Submit #387124 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387124"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/fd390bd7-2d60-4ffb-87da-f72cc900f61c"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7919",
"datePublished": "2024-08-19T00:00:10.567Z",
"dateReserved": "2024-08-18T19:13:28.219Z",
"dateUpdated": "2024-08-19T13:36:11.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7921 (GCVE-0-2024-7921)
Vulnerability from cvelistv5 – Published: 2024-08-19 02:00 – Updated: 2024-08-19 14:36
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
Summary
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275071 | vdb-entry |
| https://vuldb.com/?ctiid.275071 | signaturepermissions-required |
| https://vuldb.com/?submit.387126 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/7d5eb025-1c… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| jieshun-tech | jielink\+ |
Affected:
0 , ≤ 20240805
(custom)
cpe:2.3:a:jieshun-tech:jielink\+:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jieshun-tech:jielink\\+:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jielink\\+",
"vendor": "jieshun-tech",
"versions": [
{
"lessThanOrEqual": "20240805",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7921",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:14:04.404295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:36:29.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /report/ParkOutRecord/GetDataList. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T02:00:09.824Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275071 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275071"
},
{
"name": "VDB-275071 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275071"
},
{
"name": "Submit #387126 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387126"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/7d5eb025-1c30-44b4-b609-61938f6d6c05"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7921",
"datePublished": "2024-08-19T02:00:09.824Z",
"dateReserved": "2024-08-18T19:13:34.362Z",
"dateUpdated": "2024-08-19T14:36:29.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7920 (GCVE-0-2024-7920)
Vulnerability from cvelistv5 – Published: 2024-08-19 00:00 – Updated: 2024-08-19 15:33
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control
Summary
A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275070 | vdb-entry |
| https://vuldb.com/?ctiid.275070 | signaturepermissions-required |
| https://vuldb.com/?submit.387125 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/123687c4-ff… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| anhui_deshun_intelligent_technology | jieshun_jielink_plus_jsotc2016 |
Affected:
20240805
cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink_plus_jsotc2016:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink_plus_jsotc2016:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jieshun_jielink_plus_jsotc2016",
"vendor": "anhui_deshun_intelligent_technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7920",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:29:31.455311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:33:17.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /Report/ParkCommon/GetParkInThroughDeivces. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T00:00:14.020Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275070 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275070"
},
{
"name": "VDB-275070 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275070"
},
{
"name": "Submit #387125 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387125"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/123687c4-ff4b-48e8-8299-6f4950a75af5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7920",
"datePublished": "2024-08-19T00:00:14.020Z",
"dateReserved": "2024-08-18T19:13:31.525Z",
"dateUpdated": "2024-08-19T15:33:17.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7919 (GCVE-0-2024-7919)
Vulnerability from cvelistv5 – Published: 2024-08-19 00:00 – Updated: 2024-08-19 13:36
VLAI
Title
Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control
Summary
A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Controls
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275069 | vdb-entry |
| https://vuldb.com/?ctiid.275069 | signaturepermissions-required |
| https://vuldb.com/?submit.387124 | third-party-advisory |
| https://wiki.shikangsi.com/post/share/fd390bd7-2d… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anhui Deshun Intelligent Technology | Jieshun JieLink+ JSOTC2016 |
Affected:
20240805
|
|
| anhui_deshun_intelligent_technology | jieshun_jielink\+ |
Affected:
jsotc2016 , < 20240805
(custom)
cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink\+:jsotc2016:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:anhui_deshun_intelligent_technology:jieshun_jielink\\+:jsotc2016:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jieshun_jielink\\+",
"vendor": "anhui_deshun_intelligent_technology",
"versions": [
{
"lessThan": "20240805",
"status": "affected",
"version": "jsotc2016",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7919",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:33.501354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:36:11.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jieshun JieLink+ JSOTC2016",
"vendor": "Anhui Deshun Intelligent Technology",
"versions": [
{
"status": "affected",
"version": "20240805"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wiki (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 bis 20240805 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /report/ParkChargeRecord/GetDataList. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T00:00:10.567Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275069 | Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275069"
},
{
"name": "VDB-275069 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275069"
},
{
"name": "Submit #387124 | \u5b89\u5fbd\u5fb7\u987a\u667a\u80fd\u79d1\u6280\u6709\u9650\u516c\u53f8 JIELINK+ INTELLIGENT TERMINAL OPERATION PLATROFM JSOTC2016 fJeLink+ Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.387124"
},
{
"tags": [
"exploit"
],
"url": "https://wiki.shikangsi.com/post/share/fd390bd7-2d60-4ffb-87da-f72cc900f61c"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-18T21:19:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7919",
"datePublished": "2024-08-19T00:00:10.567Z",
"dateReserved": "2024-08-18T19:13:28.219Z",
"dateUpdated": "2024-08-19T13:36:11.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}