{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9554", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-05T16:57:06.367Z", "datePublished": "2024-10-06T11:31:04.369Z", "dateUpdated": "2024-10-07T13:49:11.679Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-06T11:31:04.369Z"}, "title": "Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-639", "lang": "en", "description": "Authorization Bypass"}]}], "affected": [{"vendor": "Sovell", "product": "Smart Canteen System", "versions": [{"version": "3.0.7303.30513", "status": "affected"}], "modules": ["Password Reset Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Sovell Smart Canteen System bis 3.0.7303.30513 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion Check_ET_CheckPwdz201 der Datei suanfa.py der Komponente Password Reset Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-10-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-05T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-05T19:02:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "qieziwa (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.279361", "name": "VDB-279361 | Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.279361", "name": "VDB-279361 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.412954", "name": "Submit #412954 | \u676d\u5dde\u96c4\u4f1f\u79d1\u6280\u5f00\u53d1\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u9910\u5385\u6570\u5b57\u5316 \u6700\u65b0 Authorization Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md", "tags": ["related"]}]}, "adp": [{"affected": [{"vendor": "sovell", "product": "smart_canteen_system", "cpes": ["cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.7303.30513", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-07T13:46:59.565605Z", "id": "CVE-2024-9554", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T13:49:11.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization", "credits": [{"lang": "en", "type": "reporter", "value": "qieziwa (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "Sovell", "modules": ["Password Reset Handler"], "product": "Smart Canteen System", "versions": [{"status": "affected", "version": "3.0.7303.30513"}]}], "timeline": [{"lang": "en", "time": "2024-10-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-10-05T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-10-05T19:02:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.279361", "name": "VDB-279361 | Sovell Smart Canteen System Password Reset suanfa.py Check_ET_CheckPwdz201 authorization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.279361", "name": "VDB-279361 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.412954", "name": "Submit #412954 | \u676d\u5dde\u96c4\u4f1f\u79d1\u6280\u5f00\u53d1\u80a1\u4efd\u6709\u9650\u516c\u53f8 \u9910\u5385\u6570\u5b57\u5316 \u6700\u65b0 Authorization Bypass", "tags": ["third-party-advisory"]}, {"url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Sovell Smart Canteen System bis 3.0.7303.30513 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion Check_ET_CheckPwdz201 der Datei suanfa.py der Komponente Password Reset Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-06T11:31:04.369Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9554", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-07T13:46:59.565605Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sovell:smart_canteen_system:*:*:*:*:*:*:*:*"], "vendor": "sovell", "product": "smart_canteen_system", "versions": [{"status": "affected", "version": "3.0.7303.30513"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-07T13:49:05.539Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-9554", "state": "PUBLISHED", "dateUpdated": "2024-10-06T11:31:04.369Z", "dateReserved": "2024-10-05T16:57:06.367Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-10-06T11:31:04.369Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2024-9554", "lastModified": "2024-10-07T17:47:48.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-06T12:15:08.117", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.279361"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.279361"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.412954"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}