Lucene search
Gjoko Krstic, Zero Science LabZDI-24-671HistoryJun 13, 2024 - 12:00 a.m.
(0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability
2024-06-1300:00:00
Gjoko Krstic, Zero Science Lab
www.zerodayinitiative.com
4
vulnerability
deep sea electronics
dse855
information disclosure
authentication
web-based ui
network-adjacent
credentials
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
Related
nvd
nvd
CVE-2024-5947
2024-06-13 20:15:16
packetstorm
packetstorm
Deep Sea Electronics DSE855 Remote Authentication Bypass
2024-07-03 00:00:00
cve
cve
CVE-2024-5947
2024-06-13 20:15:16
vulnrichment
vulnrichment
zeroscience
zeroscience
Deep Sea Electronics DSE855 Remote Authentication Bypass
2024-07-03 00:00:00
zdt
zdt
Deep Sea Electronics DSE855 Remote Authentication Bypass Vulnerability
2024-07-03 00:00:00
cvelist
cvelist
nuclei
nuclei
Deep Sea Electronics DSE855 - Authentication Bypass
2024-07-03 18:09:15