Skip to main content

Synthesis Image System

4 CVEs product

Monthly

CVE-2024-38468 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38467 HIGH This Week

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38466 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38465 MEDIUM This Month

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy