6 matches found
CVE-2024-38465
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error...
CVE-2024-38466
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password...
CVE-2024-38465
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error...
CVE-2024-38468
Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API...
PT-2024-28019 · Shenzhen Guoxin · Shenzhen Guoxin Synthesis Image System
Name of the Vulnerable Software and Affected Versions: Shenzhen Guoxin Synthesis image system versions prior to 8.3.0 Description: The issue allows username enumeration due to a response discrepancy between incorrect and error responses. Recommendations: For versions prior to 8.3.0, update to...
CVE-2024-38467
The CVE-2024-38467 vulnerability affects Shenzhen Guoxin Synthesis Image System prior to version 8.3.0. The issue permits unauthorized retrieval of user information via the queryUser API, with CVSS v3.1 base score 7.5 (HIGH) and network access, no privileges or user interaction required. Remediat...