SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html - Third Party Advisory |
09 Jun 2023, 22:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:sguda:u-lock:-:*:*:*:*:*:*:* cpe:2.3:o:sguda:u-lock_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Sguda u-lock Firmware
Sguda u-lock Sguda |
|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html - Third Party Advisory |
02 Jun 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-02 11:15
Updated : 2024-11-21 07:30
NVD link : CVE-2022-46308
Mitre link : CVE-2022-46308
CVE.ORG link : CVE-2022-46308
JSON object : View
Products Affected
sguda
- u-lock_firmware
- u-lock
CWE
CWE-863
Incorrect Authorization