Описание
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Уязвимость микропрограммного обеспечения терминальной измерительной системы для систем выработки электроэнергии F-logic DataCube3, связанная с недостатками контроля доступа, позволяющая нарушителю получить пароли учетных записей root и admin
EPSS
9.8 Critical
CVSS3