Lucene search
MitreVULNRICHMENT:CVE-2024-25830HistoryFeb 28, 2024 - 12:00 a.m.
CVE-2024-25830
2024-02-2800:00:00
mitre
github.com
2
vulnerability
access control
configuration file
remote attack
root password
AI Score
9.5
Confidence
High
EPSS
0
Percentile
11.0%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:f-logic:datacube3:1.0:*:*:*:*:*:*:*"
],
"vendor": "f-logic",
"product": "datacube3",
"versions": [
{
"status": "affected",
"version": "1.0"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
CVE-2024-25830
2024-02-28 00:00:00
nvd
nvd
CVE-2024-25830
2024-02-29 01:44:16
cve
cve
CVE-2024-25830
2024-02-29 01:44:16
prion
prion
Path traversal
2024-02-29 01:44:00
githubexploit
githubexploit
Exploit for CVE-2024-25832
2024-03-06 04:11:59
zdt
zdt
DataCube3 v1.0 - Unrestricted file upload Remote Code Execution Exploit
2024-03-11 00:00:00
packetstorm
packetstorm
DataCube3 1.0 Shell Upload
2024-03-11 00:00:00
exploitdb
exploitdb
DataCube3 v1.0 - Unrestricted file upload 'RCE'
2024-03-10 00:00:00
AI Score
9.5
Confidence
High
EPSS
0
Percentile
11.0%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-25830