CVE-2024-3122

Description

CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Changing / Mobile One Time Passwordearlier – 3.11.2

References

MISChttps://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html
MISChttps://www.twcert.org.tw/en/cp-139-7912-4c800-2.html