exploitDog

CVE-2024-1303

Опубликовано: 12 мар. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:badgermeter:monitool:*:*:*:*:*:*:*:*

Версия до 4.7 (исключая)

EPSS

Процентиль: 66%

0.00525

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-g662-fqhc-2vp3

CVSS3: 6.5

github

почти 2 года назад

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.

EPSS

Процентиль: 66%

0.00525

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22