Out-of-bounds

A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. Th...

Sql injection

A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack...

CVE-2024-1254

Summary: CVE-2024-1254 affects Beijing Baichuo / Byzoro Smart S20 Management Platform up to 20231120. The vulnerability is in the file /sysmanage/sysmanageajax.php, where manipulation of the id parameter yields an SQL injection. Exploitation is possible remotely, and public exploits have been dis...

Out-of-bounds

A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument fileupload leads ...

PT-2024-15924 · Beijing Baichuo · Beijing Baichuo Smart S210 Management Platform

Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S210 Management Platform versions up to 20240117 Description: A critical vulnerability has been found in the Beijing Baichuo Smart S210 Management Platform. The issue affects the file /Tool/uploadfile.php, where the...

CVE-2024-0716

CVE-2024-0716 affects Byzoro Smart S150 Management Platform v31R02B15, specifically the Backup File Handler component’s /log/download.php, where manipulation leads to information disclosure. The connected PT-2024-15776 entry provides concrete details: remote initiation is possible, attack complex...

Improper access control

A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The...

Out-of-bounds

A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-0300

CVE-2024-0300 affects Beijing Baichuo/ Byzoro Smart S150 Management Platform up to version 20240101. The issue lies in the HTTP POST Request Handler, specifically the /useratte/userattestation.php component, where manipulating the web_img (or web img) parameter enables unrestricted file upload. T...

CVE-2023-6574

CVE-2023-6574 affects Byzoro Smart S20 (up to 20231120) and Beijing Baichuo Smart S20. The flaw is in the HTTP POST Request Handler, specifically the 1_file_upload argument in /sysmanage/updateos.php, whose manipulation leads to unrestricted file upload. The vulnerability allows remote exploitati...

Beijing Baichuo Smart S20 Code Issue Vulnerability

Beijing Baichuo Smart S20 is an Internet Behavior Management appliance from Beijing Baichuo, China. The Beijing Baichuo Smart S20 suffers from a code issue vulnerability that arises from the parameter 1fileupload in the file /sysmanage/updateos.php, which can lead to unrestricted uploads...

Out-of-bounds

A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to...

CVE-2023-6274

Byzoro Smart S80 up to 20231108 has a vulnerability in /sysmanage/updatelib.php (PHP File Handler) where the file_upload parameter can be manipulated to achieve unrestricted uploads. The vulnerability is exploitable remotely and the exploit has been publicly disclosed (VDB-246103). Connected advi...

Security feature bypass

A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txtnewpwd leads to weak password recovery. The exploit has been disclosed to the...

CVE-2023-5959

Summary: CVE-2023-5959 affects Byzoro Smart S85F Management Platform v31R02B10-01. The vulnerability is in an unknown function of /login.php where manipulating the txt_newpwd parameter leads to weak password recovery. Public disclosure is noted. The issue is described as a technical weakness rath...

Command injection

A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched...

CVE-2023-5684

CVE-2023-5684 affects Byzoro Smart S85F Management Platform (and related Beijing Baichuo variant) up to version 20231012. Affects an unknown functionality in /importexport.php, where manipulation leads to OS command injection. Impact is execution of commands with remote access; exploitation is po...

Command injection

A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be...

Command injection

A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os...

Out-of-bounds

A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument fileuploa...