OpenCVE

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Byzoro	Smart S150 Smart S150 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*

cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md
https://vuldb.com/?ctiid.251541
https://vuldb.com/?id.251541
https://vuldb.com/?submit.265177

History

Mon, 21 Oct 2024 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-532
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-19T15:00:05.792Z

Updated: 2024-10-21T11:31:56.228Z

Reserved: 2024-01-19T07:10:13.648Z

Link: CVE-2024-0716

Vulnrichment

Updated: 2024-08-01T18:11:35.779Z

NVD

Status : Modified

Published: 2024-01-19T15:15:09.240

Modified: 2024-11-21T08:47:12.190

Link: CVE-2024-0716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0716", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-19T07:10:13.648Z", "datePublished": "2024-01-19T15:00:05.792Z", "dateUpdated": "2024-10-21T11:31:56.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-09T08:34:26.803Z"}, "title": "Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Information Disclosure"}]}], "affected": [{"vendor": "Byzoro", "product": "Smart S150 Management Platform", "versions": [{"version": "V31R02B15", "status": "affected"}], "modules": ["Backup File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Byzoro Smart S150 Management Platform V31R02B15 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /log/download.php der Komponente Backup File Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-01-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-19T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-09T09:07:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rollingchair (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150 Smart V31R02B15 Download any file", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.779Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150 Smart V31R02B15 Download any file", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit", "x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "affected": [{"vendor": "byzoro", "product": "smart_s150", "cpes": ["cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "V31R02B15", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-22T15:24:13.454422Z", "id": "CVE-2024-0716", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T11:31:56.228Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150 Smart V31R02B15 Download any file", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.779Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0716", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-22T15:24:13.454422Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*"], "vendor": "byzoro", "product": "smart_s150", "versions": [{"status": "affected", "version": "V31R02B15"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T11:30:31.681Z"}}], "cna": {"title": "Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "rollingchair (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "Byzoro", "modules": ["Backup File Handler"], "product": "Smart S150 Management Platform", "versions": [{"status": "affected", "version": "V31R02B15"}]}], "timeline": [{"lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2024-01-19T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-04-09T09:07:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.251541", "name": "VDB-251541 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.251541", "name": "VDB-251541 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.265177", "name": "Submit #265177 | \u5317\u4eac\u767e\u5353\u7f51\u7edc\u6280\u672f\u6709\u9650\u516c\u53f8 Smart S150 Smart V31R02B15 Download any file", "tags": ["third-party-advisory"]}, {"url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Byzoro Smart S150 Management Platform V31R02B15 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /log/download.php der Komponente Backup File Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Information Disclosure"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-09T08:34:26.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0716", "state": "PUBLISHED", "dateUpdated": "2024-10-21T11:31:56.228Z", "dateReserved": "2024-01-19T07:10:13.648Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-19T15:00:05.792Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*", "matchCriteriaId": "4D9EB833-E3F1-479D-A904-FA45CFF7EAA8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", "matchCriteriaId": "8933946D-BF4C-4F40-8752-D4D6A371BE6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Beijing Baichuo Smart S150 Management Platform V31R02B15 y clasificada como problem\u00e1tica. Una parte desconocida del archivo /log/download.php del componente Backup File Handler es afectada por una funci\u00f3n desconocida. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251541. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-0716", "lastModified": "2024-11-21T08:47:12.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T15:15:09.240", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251541"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251541"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.265177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.251541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.251541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?submit.265177"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}