SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-06-02T00:00:00

Updated: 2024-08-03T14:31:46.278Z

Reserved: 2022-11-29T00:00:00

Link: CVE-2022-46308

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-02T11:15:09.913

Modified: 2024-11-21T07:30:21.387

Link: CVE-2022-46308

cve-icon Redhat

No data.