CVE-2024-9554

LOW

Sovell Smart Canteen System <3.0.7303.30513 - Auth Bypass

Title source: llm

Description

A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.279361

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.279361

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.412954

Various Sources related

https://github.com/qieziwa/Code_vulnerability/blob/main/%E9%9B%84%E4%BC%9F-%E9%A4%90%E5%8E%85%E6%95%B0%E5%AD%97%E5%8C%96%E4%BB%BB%E6%84%8F%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE.md

Scores

CVSS v3 3.7

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

Sovell/Smart Canteen System 3.0.7303.30513

Published Oct 06, 2024

Tracked Since Feb 18, 2026