F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
Metrics
Affected Vendors & Products
References
History
Tue, 13 Aug 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 CWE-284 |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-28T00:00:00
Updated: 2024-08-13T18:57:18.775Z
Reserved: 2024-02-12T00:00:00
Link: CVE-2024-25830
Vulnrichment
Updated: 2024-08-01T23:52:05.227Z
NVD
Status : Awaiting Analysis
Published: 2024-02-29T01:44:16.533
Modified: 2024-08-13T19:35:05.710
Link: CVE-2024-25830
Redhat
No data.