CVE-2024-9922

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:teamplus:team\+_pro:*:*:*:*:private_cloud:android:*:*

History

24 Oct 2024, 13:21

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8127-41699-2.html - () https://www.twcert.org.tw/en/cp-139-8127-41699-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html - () https://www.twcert.org.tw/tw/cp-132-8126-5d9d2-1.html - Third Party Advisory
CPE cpe:2.3:a:teamplus:team\+_pro:*:*:*:*:private_cloud:android:*:*
First Time Teamplus team\+ Pro
Teamplus
CWE NVD-CWE-Other

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Team+ de TEAMPLUS TECHNOLOGY no valida correctamente un parámetro de página específico, lo que permite que atacantes remotos no autenticados aprovechen esta vulnerabilidad para leer archivos de sistema arbitrarios.

14 Oct 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 03:15

Updated : 2024-10-24 13:21


NVD link : CVE-2024-9922

Mitre link : CVE-2024-9922

CVE.ORG link : CVE-2024-9922


JSON object : View

Products Affected

teamplus

  • team\+_pro
CWE
NVD-CWE-Other CWE-23

Relative Path Traversal