Vulnerability Details CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.278
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-25830
-
cpe:2.3:h:f-logic:datacube3:-
-
cpe:2.3:o:f-logic:datacube3_firmware:1.0