Search criteria
1 vulnerability by Sovell
CVE-2024-9554 (GCVE-0-2024-9554)
Vulnerability from cvelistv5 – Published: 2024-10-06 11:31 – Updated: 2024-10-07 13:49
VLAI
Title
Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization
Summary
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-639 - Authorization Bypass
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279361 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.279361 | signaturepermissions-required |
| https://vuldb.com/?submit.412954 | third-party-advisory |
| https://github.com/qieziwa/Code_vulnerability/blo… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sovell | Smart Canteen System |
Affected:
3.0.7303.30513
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smart_canteen_system",
"vendor": "sovell",
"versions": [
{
"status": "affected",
"version": "3.0.7303.30513"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T13:46:59.565605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:49:11.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Password Reset Handler"
],
"product": "Smart Canteen System",
"vendor": "Sovell",
"versions": [
{
"status": "affected",
"version": "3.0.7303.30513"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "qieziwa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Sovell Smart Canteen System bis 3.0.7303.30513 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion Check_ET_CheckPwdz201 der Datei suanfa.py der Komponente Password Reset Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-06T11:31:04.369Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279361 | Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279361"
},
{
"name": "VDB-279361 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279361"
},
{
"name": "Submit #412954 | \u676d\u5dde\u96c4\u4f1f\u79d1\u6280\u5f00\u53d1\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u9910\u5385\u6570\u5b57\u5316 \u6700\u65b0 Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.412954"
},
{
"tags": [
"related"
],
"url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-05T19:02:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9554",
"datePublished": "2024-10-06T11:31:04.369Z",
"dateReserved": "2024-10-05T16:57:06.367Z",
"dateUpdated": "2024-10-07T13:49:11.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}