Lucene search

[email protected]NVD:CVE-2024-38468

HistoryJun 16, 2024 - 4:15 p.m.

CVE-2024-38468

2024-06-1616:15:09

CWE-640

[email protected]

web.nvd.nist.gov

cve-2024-38468

shenzhen guoxin synthesis

unauthorized

password resets

resetpassword api

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.5%

JSON

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.

Affected configurations

Nvd

Node

guoxinledsynthesis_image_systemRange<8.3.0

VendorProductVersionCPE
guoxinledsynthesis_image_system*cpe:2.3:a:guoxinled:synthesis_image_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
guoxinled	synthesis_image_system	*	cpe:2.3:a:guoxinled:synthesis_image_system::::::::

References

github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.5%

JSON

Related for NVD:CVE-2024-38468

cve1 cvelist1 vulnrichment1