CVE-2024-12646

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

CWE ID 36

Summary

CVE-2024-12646 is a newly disclosed vulnerability affecting the topm-client software from Chunghwa Telecom. This application, which sets up a local web server for communication with target websites, is found to be vulnerable to Arbitrary File Delete attacks. An attacker, without authentication, can exploit the lack of Cross-Site Request Forgery (CSRF) protection in the APIs and use phishing techniques to trigger the vulnerable APIs. Moreover, one of the APIs contains an Absolute Path Traversal vulnerability, enabling attackers to delete arbitrary files on the user's system. This vulnerability poses a significant risk, especially if the topm-client is used in environments with untrusted or public internet access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database