Ey As525F001 Firmware
CVE-2023-28652
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition.
AnalysisAI
An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Affected products include: Sauter-Controls Ey-As525F001 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Ey As525F001 Firmware
View allAn authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, des
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. Ra
An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unautho
A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today