CVE-2024-6737

2100 TECHNOLOGY Electronic Official Document Management System - Broken Access Control

CVSS 8.8 HIGHEPSS 0.6%CWE-284

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

2100 TECHNOLOGY · Electronic Official Document Management System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/en/cp-139-7924-85606-2.html https://www.twcert.org.tw/tw/cp-132-7923-46df3-1.html