What is the severity of CVE-2024-25830?

CVE-2024-25830 is classified as a high severity vulnerability due to the potential for unauthorized access to sensitive configuration files.

How do I fix CVE-2024-25830?

To remediate CVE-2024-25830, implement stricter access controls and validate user permissions for accessing file directories.

Who is affected by CVE-2024-25830?

CVE-2024-25830 affects users of F-logic DataCube3 v1.0 that do not have proper access controls in place.

Can CVE-2024-25830 be exploited remotely?

Yes, CVE-2024-25830 can be exploited remotely by an unauthenticated attacker who sends malicious URIs.

What could an attacker achieve by exploiting CVE-2024-25830?

An attacker exploiting CVE-2024-25830 could potentially extract sensitive configuration information from the affected system.

Vulnerability/
CVE-2024-25830

Exploited

critical

9.8

CWE

22 284

EPSS

0.043%

28/2/2024

13/8/2024

CVE-2024-25830: Path Traversal

First published: Wed Feb 28 2024(Updated: )

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.

Credit: cve@mitre.org Samy Younsi - NS Labs

Affected Software	Affected Version	How to fix
F-logic Datacube3 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-25830?
CVE-2024-25830 is classified as a high severity vulnerability due to the potential for unauthorized access to sensitive configuration files.
How do I fix CVE-2024-25830?
To remediate CVE-2024-25830, implement stricter access controls and validate user permissions for accessing file directories.
Who is affected by CVE-2024-25830?
CVE-2024-25830 affects users of F-logic DataCube3 v1.0 that do not have proper access controls in place.
Can CVE-2024-25830 be exploited remotely?
Yes, CVE-2024-25830 can be exploited remotely by an unauthenticated attacker who sends malicious URIs.
What could an attacker achieve by exploiting CVE-2024-25830?
An attacker exploiting CVE-2024-25830 could potentially extract sensitive configuration information from the affected system.

agent/first-publish-date
agent/description
agent/type
exploited/true
collector/exploitdb-recent
source/ExploitDB
alias/CVE-2024-25832
alias/CVE-2024-25830
agent/references
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/severity
agent/event
agent/trending
agent/source
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/f-logic
canonical/f-logic datacube3 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-25830?
CVE-2024-25830 is classified as a high severity vulnerability due to the potential for unauthorized access to sensitive configuration files.
How do I fix CVE-2024-25830?
To remediate CVE-2024-25830, implement stricter access controls and validate user permissions for accessing file directories.
Who is affected by CVE-2024-25830?
CVE-2024-25830 affects users of F-logic DataCube3 v1.0 that do not have proper access controls in place.
Can CVE-2024-25830 be exploited remotely?
Yes, CVE-2024-25830 can be exploited remotely by an unauthenticated attacker who sends malicious URIs.
What could an attacker achieve by exploiting CVE-2024-25830?
An attacker exploiting CVE-2024-25830 could potentially extract sensitive configuration information from the affected system.