CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A

CVE

CVE-2023-25913

Discovered by

Jony Schats and Stan Plasmeijer (HackDefense)

Credits

Jony Schats (HackDefense)
Stan Plasmeijer (HackDefense)
Max van der Horst (DIVD)

Affected products

Product	Affected	Unaffected	Unknown
Danfoss AK-SM800A	= < 3.3
Danfoss AK-SM800A		everything else

Page author

Max van der Horst

CVSS

Base score: 6.5 (MEDIUM)

References

https://csirt.divd.nl/cves/CVE-2023-25913 ( third-party-advisory )
https://csirt.divd.nl/DIVD-2023-00025 ( third-party-advisory )

Problem type(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Last modified

21 Aug 2023 15:01

Description

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

JSON version

DIVD CSIRT

CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A

Description