CVE-2024-2318

Path Traversal: '../filedir' (CWE-24)

Published: Mar 8, 2024 / Updated: 8mo ago

CVSS 4.3 / EPSS 0.05% / Medium

A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. The flaw is in an unknown function behind the /pro/common/download endpoint of the component Service Port 9999. Manipulating the fileName argument with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir' (CWE-24), letting a requester read files outside the intended download directory. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
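The description above gives the shape of the bug: a download handler that joins a user-supplied fileName onto a base directory without checking where the result ends up. The following is an added example, not ZKBio Media code; the install directory, the log format and the request samples are assumptions constructed for the demonstration. It shows the unchecked join beside a hardened resolver that decodes, normalises and confines the path, and a small detector that flags requests to the described endpoint whose fileName carries a raw or URL-encoded traversal sequence.

```python
"""Path traversal (CWE-24) on a download endpoint: vulnerable join, hardened
resolver, and a log detector for the request pattern in the CVE description.

Added example, not vendor code. BASE_DIR, the log lines and the endpoint
parameter handling are assumptions for illustration.
"""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed install path; the real product layout is not known from the CVE.
BASE_DIR = "/opt/zkbio_media/download"


def vulnerable_download_path(base_dir: str, file_name: str) -> str:
    """The CWE-24 pattern: base + user input, then normalise and open it.

    With fileName=../../../../zkbio_media.sql the '..' segments walk out of
    base_dir and the result points at a file the caller was never meant to see.
    """
    return posixpath.normpath(posixpath.join(base_dir, file_name))


def safe_download_path(base_dir: str, file_name: str) -> Optional[str]:
    """Hardened variant: decode, normalise, then require containment.

    Returns the resolved path, or None when the name is empty, absolute,
    carries a NUL byte, or resolves outside base_dir.
    """
    # Decode twice so a double-encoded %252e%252e does not pass a single-decode check.
    name = unquote(unquote(file_name))
    if "\x00" in name or name.startswith(("/", "\\")):
        return None
    name = name.replace("\\", "/")
    base = posixpath.normpath(base_dir)
    resolved = posixpath.normpath(posixpath.join(base, name))
    # The check that matters: the final path must still sit under base.
    if resolved == base or posixpath.commonpath([base, resolved]) != base:
        return None
    return resolved


# Raw '../' or '..\' plus the single-encoded forms; parse_qs decodes one layer,
# and the explicit unquote() below catches the double-encoded one.
TRAVERSAL_RE = re.compile(r"(?:\.\./|\.\.\\|%2e%2e(?:%2f|%5c|/|\\))", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
DOWNLOAD_PATH = "/pro/common/download"


def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_no, decoded fileName) for download requests that carry a
    traversal sequence. Assumes a common access-log layout with the request
    line in double quotes."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != DOWNLOAD_PATH:
            continue
        for value in parse_qs(url.query).get("fileName", []):
            if TRAVERSAL_RE.search(value) or TRAVERSAL_RE.search(unquote(value)):
                hits.append((n, value))
    return hits


# Constructed sample log lines (not real traffic): one benign download, the
# exact payload from the CVE description, an encoded variant, and a request
# to a different endpoint that the detector must ignore.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Mar/2024:06:59:00 +0000] "GET /pro/common/download?fileName=report.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - - [08/Mar/2024:07:01:13 +0000] "GET /pro/common/download?fileName=../../../../zkbio_media.sql HTTP/1.1" 200 88213',
    '10.0.0.9 - - [08/Mar/2024:07:02:41 +0000] "GET /pro/common/download?fileName=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 0',
    '10.0.0.7 - - [08/Mar/2024:07:03:05 +0000] "GET /pro/other?fileName=../x HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    payload = "../../../../zkbio_media.sql"
    print("vulnerable:", vulnerable_download_path(BASE_DIR, payload))
    print("hardened:  ", safe_download_path(BASE_DIR, payload))
    print("hardened:  ", safe_download_path(BASE_DIR, "report.pdf"))
    for line_no, value in flag_traversal_requests(SAMPLE_LOG):
        print(f"line {line_no}: suspicious fileName={value!r}")
```

The containment test uses commonpath on the normalised result rather than a blacklist of "../", which is what makes the encoded and mixed-separator variants fail closed. On a real deployment, resolve symlinks (os.path.realpath) before the containment check as well, since the normalised string alone says nothing about where a link inside the directory points.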

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (4.3, Medium): reachable over the network with low attack complexity and no user interaction, but the PR:L metric means the attacker needs a low-privileged account on the service; the impact is limited to reading data (confidentiality only).

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2318

Mar 8, 2024 at 5:15 AM
First Article

Feedly found the first article mentioning CVE-2024-2318. See article

Mar 8, 2024 at 6:59 AM / VulDB Recent Entries
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Mar 8, 2024 at 6:59 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.6%)

Mar 9, 2024 at 11:01 PM

Affected Systems

Zkteco

News

The Good, the Bad and the Ugly in Cybersecurity – Week 22
An exploit has been released for a maximum severity remote code execution (RCE) flaw in Fortinet’s security information and event management (SIEM) solution. The botnet industry took a serious hit this week as law enforcement in the U.S. and in Europe executed two major operations to dismantle 911 S5 – likely one of the world’s largest botnets, and an extensive ecosystem of malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot, respectively.
Update Fri Apr 26 09:59:13 UTC 2024
Update Wed Apr 17 10:05:39 UTC 2024
Update Fri Mar 29 09:56:26 UTC 2024

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
