Description
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
Published: 2026-02-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the embedded web interface of JUNG Smart Panel 5.1 KNX firmware L1.12.22 and earlier. The application does not validate file path input, enabling an attacker to supply a specially crafted URL that traverses directories and reads arbitrary files. An attacker can read configuration files and other sensitive data stored on the device’s underlying filesystem, potentially revealing credentials, network topology, or other confidential information. The weakness is a classic path traversal flaw (CWE-22).

Affected Systems

Vendors: ALBRECHT JUNG GMBH & CO. KG; Product: JUNG Smart Panel 5.1 KNX; Affected firmware versions: L1.12.22 and prior.

Risk and Exploitability

The CVSS base score is 6.9, indicating moderate severity. EPSS puts the likelihood of exploitation at less than 1%: exploitation is technically feasible but is considered rare at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and no public exploit has been confirmed. An attacker needs only remote network access to the device’s web interface; no authentication is required, which makes exploitation easier. Overall, the risk is moderate but increases if the device is exposed to untrusted networks.

Generated by OpenCVE AI on April 18, 2026 at 12:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a newer version that includes the fix, if available.
  • If no patch exists, disable or remove the web interface to eliminate the attack surface.
  • Restrict external access to the device’s HTTP port using firewall rules or network segmentation to limit attackers’ ability to reach the vulnerable interface.



Advisories

No advisories yet.

History

Wed, 11 Feb 2026 22:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Albrecht Jung; Albrecht Jung jung Smart Panel 5.1 Knx
Vendors & Products | | Albrecht Jung; Albrecht Jung jung Smart Panel 5.1 Knx
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
Title | | JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal
Weaknesses | | CWE-22
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-11T21:18:58.292Z

Reserved: 2026-02-06T19:12:03.464Z

Link: CVE-2026-25872

Vulnrichment

Updated: 2026-02-11T21:18:54.208Z

NVD

Status: Deferred

Published: 2026-02-10T23:16:16.473

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25872

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:45:45Z

Weaknesses