Changingtec
Products
4- 5 CVEs
- 3 CVEs
- 1 CVE
- 0 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39060 | Cri | 0.64 | 9.8 | 0.01 | Jan 31, 2023 | ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take… | ||
| CVE-2022-46306 | Hig | 0.57 | 8.8 | 0.01 | Jan 3, 2023 | ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load… | ||
| CVE-2022-46304 | Hig | 0.57 | 8.8 | 0.02 | Jan 3, 2023 | ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to… | ||
| CVE-2020-3925 | Hig | 0.54 | 8.3 | 0.03 | Feb 3, 2020 | A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts. | ||
| CVE-2022-39059 | Hig | 0.49 | 7.5 | 0.01 | Jan 31, 2023 | ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | ||
| CVE-2022-39061 | Med | 0.42 | 6.5 | 0.01 | Jan 31, 2023 | ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial… | ||
| CVE-2022-46305 | Med | 0.42 | 6.5 | 0.00 | Jan 3, 2023 | ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | ||
| CVE-2020-3926 | Med | 0.40 | 6.1 | 0.01 | Feb 3, 2020 | An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | ||
| CVE-2023-22901 | Med | 0.32 | 4.9 | 0.01 | Apr 27, 2023 | ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. |
- risk 0.64cvss 9.8epss 0.01
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take…
- risk 0.57cvss 8.8epss 0.01
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load…
- risk 0.57cvss 8.8epss 0.02
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to…
- risk 0.54cvss 8.3epss 0.03
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
- risk 0.49cvss 7.5epss 0.01
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.
- risk 0.42cvss 6.5epss 0.01
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial…
- risk 0.42cvss 6.5epss 0.00
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
- risk 0.40cvss 6.1epss 0.01
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
- risk 0.32cvss 4.9epss 0.01
ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files.