CVE-2023-25913 HIGH

CVE-2023-25913: Authentication Bypass in Danfoss AK-SM800A

Vendor Danfoss
Product AK-SM800A
Weakness CWE-200 · Info exposure
Published August 21, 2023
Last update January 9, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.

Key dates

02Disclosure timeline

August 21, 2023 CVE published
January 9, 2025 Record updated