VYPR
Vendor

Changingtec

Products
4
CVEs
9
Across products
9
Status
Private

Products

4

Recent CVEs

9
  • CVE-2022-39060CriJan 31, 2023
    risk 0.64cvss 9.8epss 0.01

    ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take…

  • CVE-2022-46306HigJan 3, 2023
    risk 0.57cvss 8.8epss 0.01

    ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load…

  • CVE-2022-46304HigJan 3, 2023
    risk 0.57cvss 8.8epss 0.02

    ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to…

  • CVE-2020-3925HigFeb 3, 2020
    risk 0.54cvss 8.3epss 0.03

    A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.

  • CVE-2022-39059HigJan 31, 2023
    risk 0.49cvss 7.5epss 0.01

    ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.

  • CVE-2022-39061MedJan 31, 2023
    risk 0.42cvss 6.5epss 0.01

    ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial…

  • CVE-2022-46305MedJan 3, 2023
    risk 0.42cvss 6.5epss 0.00

    ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

  • CVE-2020-3926MedFeb 3, 2020
    risk 0.40cvss 6.1epss 0.01

    An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.

  • CVE-2023-22901MedApr 27, 2023
    risk 0.32cvss 4.9epss 0.01

    ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files.