CVE-2024-0939

🗓️ 26 Jan 2024 18:31:03Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

Vulnerability in Beijing Baichuo Smart S210 Management Platform up to 20240117 allows unrestricted remote file upload via /Tool/uploadfile.php (CVE-2024-0939)

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-0939	26 Jan 202420:32	–	circl
CNNVD	Beijing Baichuo Smart S210 Management Platform Code Issue Vulnerability	26 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-0939 Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload	26 Jan 202418:31	–	cvelist
Nuclei	Smart S210 Management Platform - Arbitary File Upload	28 Jun 202615:08	–	nuclei
NVD	CVE-2024-0939	26 Jan 202419:15	–	nvd
OSV	CVE-2024-0939	26 Jan 202419:15	–	osv
Prion	Out-of-bounds	26 Jan 202419:15	–	prion
Positive Technologies	PT-2024-15924 · Beijing Baichuo · Beijing Baichuo Smart S210 Management Platform	26 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0939	23 May 202510:09	–	redhatcve
Vulnrichment	CVE-2024-0939 Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload	26 Jan 202418:31	–	vulnrichment

NVD

Vulners

Node

byzoro smart_s210_firmwareRange≤2024-01-17

AND

byzoro smart_s210Match-

[
  {
    "vendor": "Byzoro",
    "product": "Smart S210 Management Platform",
    "versions": [
      {
        "version": "20240117",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md

Parameter	Position	Path	Description	CWE
file_upload	request body	/Tool/uploadfile.php	Unrestricted file upload via parameter file_upload in /Tool/uploadfile.php leading to potential remote code execution.	CWE-434

17 Jun 2026 06:54Current

9.4High risk

Vulners AI Score9.4

CVSS 3.16.3 - 9.8

CVSS 26.5

CVSS 36.3

EPSS0.43777

SSVC

CWE-434