CVE-2024-40720

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.
Configurations

Configuration 1

cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

History

09 Aug 2024, 14:36

Type | Values Removed | Values Added
References | () https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html - | () https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html - Third Party Advisory
References | () https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html - | () https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html - Third Party Advisory
CWE | | NVD-CWE-noinfo
CPE | | cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*
First Time | | Changingtec tcb Servisign; Changingtec

02 Aug 2024, 12:59

Type | Values Removed | Values Added
Summary | | (es) The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.

02 Aug 2024, 11:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-08-02 11:16

Updated : 2024-08-09 14:36


NVD link : CVE-2024-40720

Mitre link : CVE-2024-40720

CVE.ORG link : CVE-2024-40720



Products Affected

changingtec

  • tcb_servisign
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation