Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-12642
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Chunghwa Telecom TenderDocTransfer - Arbitrary File Write
Source: NVD (National Vulnerability Database)
Vulnerability Description
TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Chunghwa Telecom TenderDocTransfer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Chunghwa Telecom TenderDocTransfer是中国中华电信(Chunghwa Telecom)公司的一款应用程序。 Chunghwa Telecom TenderDocTransfer存在安全漏洞,该漏洞源于存在任意文件写入和缺少CSRF保护,以及API中的相对路径遍历漏洞,允许未认证的远程攻击者通过网络钓鱼写入任意文件到用户系统的任何路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Chunghwa TelecomTenderDocTransfer 0.41.151 ~ 0.41.156 -
II. Public POCs for CVE-2024-12642
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-12642
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: TenderDocTransfer
Same vendor: Chunghwa Telecom
Same weakness: CWE-352
V. Comments for CVE-2024-12642

No comments yet

Leave a comment