CVE-2024-22074: 
Dynamsoft Service vulnerability analysis and mitigation

CVE-2024-22074 affects Dynamsoft Service, a client-side component of Dynamic Web TWAIN, across multiple versions including 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115. The vulnerability is related to Incorrect Access Control (NVD, Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from inadequate verification processes in the client-side component of the Dynamsoft Service module, which could potentially allow remote code execution (NVD).

The vulnerability poses a significant security risk as it could allow malicious code to be executed remotely on end-user machines. The high CVSS score indicates potential complete compromise of confidentiality, integrity, and availability of the affected systems (Vendor Advisory).

The vulnerability has been fixed in versions 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212. Users are strongly recommended to upgrade to these fixed versions to address the vulnerability and reduce the risk of exploitation (Vendor Advisory).