THREATINT
PUBLISHED

CVE-2023-25913

Authentication Bypass in Danfoss AK-SM800A



Description

Because of an authentication flaw, an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

Reserved 2023-02-16 | Published 2023-08-21 | Updated 2025-01-09 | Assigner DIVD


HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-287 Improper Authentication

Product status

Default status: unaffected

< 3.3: affected

Credits

Jony Schats (HackDefense) finder

Stan Plasmeijer (HackDefense) finder

Max van der Horst (DIVD) analyst

References

csirt.divd.nl/CVE-2023-25913 third-party-advisory

csirt.divd.nl/DIVD-2023-00025 third-party-advisory

cve.org (CVE-2023-25913)

nvd.nist.gov (CVE-2023-25913)
