{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T17:46:21.033","vulnerabilities":[{"cve":{"id":"CVE-2024-2413","sourceIdentifier":"twcert@cert.org.tw","published":"2024-03-13T03:15:06.793","lastModified":"2026-06-17T07:24:29.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality."},{"lang":"es","value":"Intumit SmartRobot utiliza una clave de cifrado fija para la autenticación. Los atacantes remotos pueden usar esta clave para cifrar una cadena compuesta por el nombre del usuario y la marca de tiempo para generar un código de autenticación. Con este código de autenticación, pueden obtener privilegios de administrador y posteriormente ejecutar código arbitrario en el servidor remoto utilizando la funcionalidad integrada del sistema."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"Intumit","product":"SmartRobot","defaultStatus":"unaffected","versions":[{"version":"earlier version","lessThanOrEqual":"v6.1.2-202212tw","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"intumit","product":"smartrobot","defaultStatus":"unknown","cpes":["cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"v6.1.2-202212tw","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-13T14:27:09.797092Z","id":"CVE-2024-2413","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:intumit:smartrobot:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.0-202303TW","matchCriteriaId":"89A3232B-BD06-4133-BADF-5725F4E32CA2"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}