Skip to main content

Daktronics DMP CVE-2026-28701

| EUVDEUVD-2026-39923 CRITICAL
Path Traversal (CWE-22)
2026-06-26 icscert GHSA-qr6g-wmfj-4xhv
9.3
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable, low-complexity, unauthenticated (PR:N) traversal; description supports only path enumeration (C:L) with no integrity or availability impact, unlike the input's VI:H/VA:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jun 26, 2026 - 23:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 26, 2026 - 23:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 26, 2026 - 23:22 vuln.today
cvss_changed
CVSS changed
Jun 26, 2026 - 23:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
Analysis Generated
Jun 26, 2026 - 23:15 vuln.today

DescriptionCVE.org

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.

AnalysisAI

Path traversal in Daktronics Controller Firmware for the VFC-DMP-5000, DMP-5000, and DMP-8000 display media players lets remote users break out of the intended directory and enumerate arbitrary file system paths, exposing the device's internal layout to attackers. Both authenticated and unauthenticated requests are accepted, and the flaw is reachable over the network with no user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover exposed Daktronics DMP interface
Delivery
Send request with path-traversal sequence
Exploit
Escape intended directory
Execution
Enumerate arbitrary file system paths
Impact
Map device internals for follow-on attack

Vulnerability AssessmentAI

Exploitation The only prerequisite is network reachability to the affected Daktronics DMP web/management interface; per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) and the description, exploitation works for both authenticated and unauthenticated remote users with no special configuration or user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partially conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the device's web/management interface sends a crafted request containing directory-traversal sequences to a vulnerable endpoint and, because no authentication is required, receives a listing of file system paths outside the intended directory. The exposed paths reveal device internals (configuration locations, firmware structure) that can be used to plan deeper attacks against the signage controller. …
Remediation No vendor-released patch version is identified in the available data; consult the CISA ICS advisory icsa-26-176-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04) and the corresponding CSAF document for the specific fixed firmware build and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct complete inventory of VFC-DMP-5000, DMP-5000, and DMP-8000 systems; document network topology and data flow. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-28701 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy