Search

Find a vulnerability

Search criteria

    2 vulnerabilities by Sovell

    CVE-2024-9554 (GCVE-0-2024-9554)

    Vulnerability from nvd – Published: 2024-10-06 11:31 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization
    Summary
    A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.279361 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.279361 signaturepermissions-required
    https://vuldb.com/?submit.412954 third-party-advisory
    https://github.com/qieziwa/Code_vulnerability/blo… related
    Impacted products
    Vendor Product Version
    Sovell Smart Canteen System Affected: 3.0.7303.30513
    Create a notification for this product.
    sovell smart_canteen_system Affected: 3.0.7303.30513
        cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    qieziwa (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smart_canteen_system",
                "vendor": "sovell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.0.7303.30513"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9554",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T13:46:59.565605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T13:49:11.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Password Reset Handler"
              ],
              "product": "Smart Canteen System",
              "vendor": "Sovell",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.7303.30513"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "qieziwa (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Sovell Smart Canteen System bis 3.0.7303.30513 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion Check_ET_CheckPwdz201 der Datei suanfa.py der Komponente Password Reset Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T11:31:04.369Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-279361 | Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.279361"
            },
            {
              "name": "VDB-279361 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.279361"
            },
            {
              "name": "Submit #412954 | \u676d\u5dde\u96c4\u4f1f\u79d1\u6280\u5f00\u53d1\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u9910\u5385\u6570\u5b57\u5316 \u6700\u65b0 Authorization Bypass",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.412954"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-05T19:02:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-9554",
        "datePublished": "2024-10-06T11:31:04.369Z",
        "dateReserved": "2024-10-05T16:57:06.367Z",
        "dateUpdated": "2024-10-07T13:49:11.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9554 (GCVE-0-2024-9554)

    Vulnerability from cvelistv5 – Published: 2024-10-06 11:31 – Updated: 2024-10-07 13:49
    VLAI
    Title
    Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization
    Summary
    A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.279361 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.279361 signaturepermissions-required
    https://vuldb.com/?submit.412954 third-party-advisory
    https://github.com/qieziwa/Code_vulnerability/blo… related
    Impacted products
    Vendor Product Version
    Sovell Smart Canteen System Affected: 3.0.7303.30513
    Create a notification for this product.
    sovell smart_canteen_system Affected: 3.0.7303.30513
        cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    qieziwa (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smart_canteen_system",
                "vendor": "sovell",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.0.7303.30513"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9554",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T13:46:59.565605Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T13:49:11.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Password Reset Handler"
              ],
              "product": "Smart Canteen System",
              "vendor": "Sovell",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.7303.30513"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "qieziwa (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Sovell Smart Canteen System bis 3.0.7303.30513 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion Check_ET_CheckPwdz201 der Datei suanfa.py der Komponente Password Reset Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-06T11:31:04.369Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-279361 | Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.279361"
            },
            {
              "name": "VDB-279361 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.279361"
            },
            {
              "name": "Submit #412954 | \u676d\u5dde\u96c4\u4f1f\u79d1\u6280\u5f00\u53d1\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u9910\u5385\u6570\u5b57\u5316 \u6700\u65b0 Authorization Bypass",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.412954"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-05T19:02:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-9554",
        "datePublished": "2024-10-06T11:31:04.369Z",
        "dateReserved": "2024-10-05T16:57:06.367Z",
        "dateUpdated": "2024-10-07T13:49:11.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }