CVE-2024-13982 (CNNVD-202508-3156)
Chinese title:
SPON IP Network Broadcast System security vulnerability
English title:
SPON IP Network Intercom System rj_get_token.php Arbitrary File Read
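Vulnerability description
Chinese description:
SPON IP Network Broadcast System is a fully digital, IP-network-based broadcast system from the Chinese company SPON. SPON IP Network Broadcast System contains a security vulnerability that stems from insufficient input validation and may lead to arbitrary file read.
English description: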
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Changsha SPON Communication Technology Co. Ltd. | SPON IP Network Broadcast System | * | - | - | cpe:2.3:a:changsha_spon_communication_technology_co._ltd.:spon_ip_network_broadcast_system:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
CVSS score details
4.0 (cna)
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Timeline
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2024-13982 | 2025-11-11 15:22:22 | 2025-11-11 07:39:01 |
| NVD | nvd_CVE-2024-13982 | 2025-11-11 15:00:21 | 2025-11-11 07:47:03 |
| CNNVD | cnnvd_CNNVD-202508-3156 | 2025-11-11 15:12:55 | 2025-11-11 08:00:07 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202508-3156
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']