F-Logic: >> Datacube3 Firmware >> 1.0 Security Vulnerabilities
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-05-28
F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
CVSS Score
9.8
EPSS Score
0.03
Published
2024-05-28
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
CVSS Score
9.8
EPSS Score
0.922
Published
2024-04-19
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
CVSS Score
9.8
EPSS Score
0.278
Published
2024-02-29