CVE-2022-39060— ChangingTec MegaServiSignAdapter - Improper Input Validation

CVSS 9.8 · Critical EPSS 1.04% · P78 Updated Mar 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-39060

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ChangingTec MegaServiSignAdapter - Improper Input Validation

Source: NVD (National Vulnerability Database)

Vulnerability Description

ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Changingtec ServiSign 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Changingtec ServiSign是中国台湾全景软件（Changingtec）公司的一个系统。该系统提供了数字签名和验证的跨平台解决方案。 ChangingTech MegaServiSignAdapter存在输入验证错误漏洞，该漏洞源于存在输入验证不当，未经身份验证的远程攻击者利用此漏洞可以访问和修改注册表中的HKEY_CURRENT_USER子项，从而执行恶意脚本来控制系统或终止服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ChangingTec	MegaServiSignAdapter	1.0.17.0823	-

II. Public POCs for CVE-2022-39060

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-39060

请登录查看更多情报信息。

Same Patch Batch · ChangingTec · 2023-01-31 · 3 CVEs total

CVE-2022-39059	7.5 HIGH	ChangingTec MegaServiSignAdapter - Path Traversal
CVE-2022-39061	6.5 MEDIUM	ChangingTec MegaServiSignAdapter - Out-of-bounds Read

IV. Related Vulnerabilities

Same product: MegaServiSignAdapter

Same vendor: ChangingTec

Same weakness: CWE-20

V. Comments for CVE-2022-39060

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-39060— ChangingTec MegaServiSignAdapter - Improper Input Validation

I. Basic Information for CVE-2022-39060

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-39060

III. Intelligence Information for CVE-2022-39060

Same Patch Batch · ChangingTec · 2023-01-31 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-39060

Leave a comment