Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-7334

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore with a malicious JSON body that leverages deserialization of attacker-controlled .NET types to invoke arbitrary methods such as System.Diagnostics.Process.Start. This can result in execution of arbitrary commands in the context of the T+ application service account. Exploitation evidence was observed by the Shadowserver Foundation as early as 2023-08-19 (UTC).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-7334
  • Chanjetvip » T+ » Version: 16.000.000.0259
    cpe:2.3:a:chanjetvip:t+:16.000.000.0259
  • Chanjetvip » T+ » Version: 16.000.000.0260
    cpe:2.3:a:chanjetvip:t+:16.000.000.0260
  • Chanjetvip » T+ » Version: 16.000.000.0261
    cpe:2.3:a:chanjetvip:t+:16.000.000.0261
  • Chanjetvip » T+ » Version: 16.000.000.0262
    cpe:2.3:a:chanjetvip:t+:16.000.000.0262
  • Chanjetvip » T+ » Version: 16.000.000.0264
    cpe:2.3:a:chanjetvip:t+:16.000.000.0264
  • Chanjetvip » T+ » Version: 16.000.000.0265
    cpe:2.3:a:chanjetvip:t+:16.000.000.0265
  • Chanjetvip » T+ » Version: 16.000.000.0266
    cpe:2.3:a:chanjetvip:t+:16.000.000.0266
  • Chanjetvip » T+ » Version: 16.000.000.0267
    cpe:2.3:a:chanjetvip:t+:16.000.000.0267
  • Chanjetvip » T+ » Version: 16.000.000.0268
    cpe:2.3:a:chanjetvip:t+:16.000.000.0268
  • Chanjetvip » T+ » Version: 16.000.000.0269
    cpe:2.3:a:chanjetvip:t+:16.000.000.0269
  • Chanjetvip » T+ » Version: 16.000.000.0270
    cpe:2.3:a:chanjetvip:t+:16.000.000.0270
  • Chanjetvip » T+ » Version: 16.000.000.0271
    cpe:2.3:a:chanjetvip:t+:16.000.000.0271
  • Chanjetvip » T+ » Version: 16.000.000.0272
    cpe:2.3:a:chanjetvip:t+:16.000.000.0272
  • Chanjetvip » T+ » Version: 16.000.000.0273
    cpe:2.3:a:chanjetvip:t+:16.000.000.0273
  • Chanjetvip » T+ » Version: 16.000.000.0274
    cpe:2.3:a:chanjetvip:t+:16.000.000.0274
  • Chanjetvip » T+ » Version: 16.000.000.0275
    cpe:2.3:a:chanjetvip:t+:16.000.000.0275
  • Chanjetvip » T+ » Version: 16.000.000.0276
    cpe:2.3:a:chanjetvip:t+:16.000.000.0276
  • Chanjetvip » T+ » Version: 16.000.000.0277
    cpe:2.3:a:chanjetvip:t+:16.000.000.0277
  • Chanjetvip » T+ » Version: 16.000.000.0278
    cpe:2.3:a:chanjetvip:t+:16.000.000.0278
  • Chanjetvip » T+ » Version: 16.000.000.0279
    cpe:2.3:a:chanjetvip:t+:16.000.000.0279
  • Chanjetvip » T+ » Version: 16.000.000.0280
    cpe:2.3:a:chanjetvip:t+:16.000.000.0280
  • Chanjetvip » T+ » Version: 16.000.000.0281
    cpe:2.3:a:chanjetvip:t+:16.000.000.0281
  • Chanjetvip » T+ » Version: 16.000.000.0282
    cpe:2.3:a:chanjetvip:t+:16.000.000.0282
  • Chanjetvip » T+ » Version: 16.000.000.0283
    cpe:2.3:a:chanjetvip:t+:16.000.000.0283


Products
Pricing
Contact Us

Shodan ® - All rights reserved