ID
VAR-201810-1624
TITLE
Any user password retrieval vulnerability exists on the smart campus platform
Trust: 0.6
DESCRIPTION
The smart campus platform is a set of smart campus systems developed by Guangdong Zhizhe Internet of Things Technology Co., Ltd. The system involves a number of functional modules such as teaching affairs scheduling, class adjustment, class statistics, teacher leave, student big data management platform, attendance management, logistics equipment management, home-school communication platform and other functional modules. The smart campus platform has an arbitrary user password retrieval vulnerability. The vulnerability stems from a flaw in the authentication mechanism when the user password is reset in the forgot password function. An attacker can use the vulnerability to set a new user password and view student information after obtaining application permissions.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | guangdong smart embedded internet of things | model: | campus platform | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Smart campus platform has logic flaws | url: | https://www.cnvd.org.cn/patchinfo/show/139683 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-18157 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-18157 |
LAST UPDATE DATE
2022-05-04T10:26:22.160000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-18157 | date: | 2018-09-11T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-18157 | date: | 2018-10-07T00:00:00 |