CVE-2024-7729

CAYIN Technology CMS - Sensitive File Download

Description

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

Remediation

Solution:

  • Install patch P24012 or later for following versions: SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 Install patch P24006 or later for following versions: CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 Install patch P24007 or later for following versions: CMS-SE(22.04) v11.0 Install patch P24008 or later for following versions: SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 Install patch P24009 or later for following versions: SMP-2400 v4.0

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.20%
Third-Party Advisory org.tw Third-Party Advisory org.tw
Affected: CAYIN Technology SMP-2100
Affected: CAYIN Technology SMP-2200
Affected: CAYIN Technology SMP-2210
Affected: CAYIN Technology SMP-2300
Affected: CAYIN Technology SMP-2310
Affected: CAYIN Technology SMP-6000
Affected: CAYIN Technology SMP-8000
Affected: CAYIN Technology SMP-8000QD
Affected: CAYIN Technology CMS-20
Affected: CAYIN Technology CMS-60
Affected: CAYIN Technology CMS-SE
Affected: CAYIN Technology CMS-SE(18.04)
Affected: CAYIN Technology CMS-SE(22.04)
Affected: CAYIN Technology SMP-8100
Affected: CAYIN Technology SMP-2400
Published at:
Updated at:

References

Link Tags
https://www.twcert.org.tw/tw/cp-132-8003-5543e-1.html third party advisory
https://www.twcert.org.tw/en/cp-139-8004-ed9aa-2.html third party advisory
https://resource1.cayintech.com/patch/ patch

Frequently Asked Questions

What is the severity of CVE-2024-7729?
CVE-2024-7729 has been scored as a high severity vulnerability.
How to fix CVE-2024-7729?
To fix CVE-2024-7729: Install patch P24012 or later for following versions: SMP-2100 v3.0 SMP-2200 v3.0 SMP-2210 v3.0 SMP-2300 v3.0 SMP-2310 v3.0 SMP-6000 v3.0 SMP-8000 v3.0 SMP-8000QD v3.0 Install patch P24006 or later for following versions: CMS-20 v11.0 CMS-60 v11.0 CMS-SE v11.0 CMS-SE(18.04) v11.0 Install patch P24007 or later for following versions: CMS-SE(22.04) v11.0 Install patch P24008 or later for following versions: SMP-2200 v4.0 SMP-2210 v4.0 SMP-2300 v4.0 SMP-2310 v4.0 SMP-8100 v4.0 Install patch P24009 or later for following versions: SMP-2400 v4.0
Is CVE-2024-7729 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-7729 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7729?
CVE-2024-7729 affects CAYIN Technology SMP-2100, CAYIN Technology SMP-2200, CAYIN Technology SMP-2210, CAYIN Technology SMP-2300, CAYIN Technology SMP-2310, CAYIN Technology SMP-6000, CAYIN Technology SMP-8000, CAYIN Technology SMP-8000QD, CAYIN Technology CMS-20, CAYIN Technology CMS-60, CAYIN Technology CMS-SE, CAYIN Technology CMS-SE(18.04), CAYIN Technology CMS-SE(22.04), CAYIN Technology SMP-8100, CAYIN Technology SMP-2400.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.