CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
CVE | CVE-2023-25912 | |||||||||||
Discovered by |
|
|||||||||||
Credits |
|
|||||||||||
Affected products |
|
|||||||||||
Page author | Max van der Horst | |||||||||||
CVSS |
Base score:
5
(MEDIUM) |
|||||||||||
References |
|
|||||||||||
Problem type(s) | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | |||||||||||
Last modified | 25 May 2023 17:58 |
Description
The webreport generation feature in the Danfoss AK-EM 100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
JSON version