CVE-2023-25913

Authentication Bypass in Danfoss AK-SM800A

CVE

CVE-2023-25913

Title

Authentication Bypass in Danfoss AK-SM800A

Credits

Jony Schats (HackDefense) (finder)
Stan Plasmeijer (HackDefense) (finder)
Max van der Horst (DIVD) (analyst)

Affected products

Product	Affected	Unaffected	Unknown
Danfoss AK-SM800A	= < 3.3 ()
Danfoss AK-SM800A		everything else

CVSS

Base score: 6.5 (MEDIUM)

References

https://csirt.divd.nl/cves/CVE-2023-25913 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2023-00025 ( third-party-advisory )

Problem type(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Date published

Last modified

Description

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

Workaround(s)

Upgrade to the latest patch, which is version 3.3.

JSON version.

DIVD CSIRT

CVE-2023-25913

Authentication Bypass in Danfoss AK-SM800A

Description

Workaround(s)