ГлавнаяУязвимости → CVE-2024-25830
9.8критическая

CVE-2024-25830

Описание

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.

Затрагиваемое ПО
F-logic Datacube3 firmwareF-logic Datacube3
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://neroteam.com/blog/f-logic-datacube3-vulnerability-reporthttps://neroteam.com/blog/f-logic-datacube3-vulnerability-report