CVE-2024-40720

Published: Aug 2, 2024Modified: Aug 9, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.

Affected (1)

Products: Changingtec: Tcb Servisign

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Changingtec Tcb Servisign	Before 1.0.24.0318

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.