CVE-2024-38468: Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.

9.8 CVSS

Description

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.

Classification

CVE ID: CVE-2024-38468

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.2% (probability of being exploited)

EPSS Percentile: 42.36% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-24 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38468
https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf

Timeline