Ak-Sm 800A Firmware Security Vulnerabilities

CVE-2023-25913

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

CVE-2023-25914

Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.

CVE-2023-25915

Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.