MidnightBSD

Advisories for guoxinled

CVE-2024-38465

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.

Products Affected

Vendor Product Version
guoxinled synthesis_image_system *
CVE-2024-38466

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.

Products Affected

Vendor Product Version
guoxinled synthesis_image_system *
CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.

Products Affected

Vendor Product Version
guoxinled synthesis_image_system *
CVE-2024-38468

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.

Products Affected

Vendor Product Version
guoxinled synthesis_image_system *