Vulnerabilities > CVE-2024-3775 - Unspecified vulnerability in Aenrich A+Hrd

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

aenrich

NVD

Published: 2024-04-15

Updated: 2025-04-08

Summary

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.

Vulnerable Configurations

Part	Description	Count
Application	Aenrich Aenrich A+Hrd 6.8 Aenrich A+Hrd 7.0 Aenrich A+Hrd 7.1 Aenrich A+Hrd 7.2	4

References

https://www.twcert.org.tw/tw/cp-132-7726-e5f70-1.html
https://www.twcert.org.tw/tw/cp-132-7726-e5f70-1.html