Skip to the content.

CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100

CVE CVE-2023-25912
Discovered by
  • Jony Schats and Stan Plasmeijer (HackDefense)
Affected products
Product Affected Unaffected Unknown
Danfoss AK-EM 100 >= 2.x.y.z < to <
everything else
Page author Max van der Horst
CVSS Base score: 5 (MEDIUM)
Problem type(s) CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Last modified 25 May 2023 17:58


The webreport generation feature in the Danfoss AK-EM 100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

JSON version