← back
CVE-2023-25914

Authneticated Path Traversal in Danfoss AK-SM800A

CVSS 8.8 HIGHEPSS 0.7%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Danfoss · AK-SM800A

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://csirt.divd.nl/CVE-2023-25914https://csirt.divd.nl/DIVD-2023-00025