Senec Storage Box Firmware Security Vulnerabilities - 2023

CVE-2023-39167

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.

CVE-2023-39169

The affected devices use publicly available default credentials with administrative privileges.

CVE-2023-39171

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

CVE-2023-39172

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic.