Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable, low-complexity, unauthenticated (PR:N) traversal; description supports only path enumeration (C:L) with no integrity or availability impact, unlike the input's VI:H/VA:H.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
AnalysisAI
Path traversal in Daktronics Controller Firmware for the VFC-DMP-5000, DMP-5000, and DMP-8000 display media players lets remote users break out of the intended directory and enumerate arbitrary file system paths, exposing the device's internal layout to attackers. Both authenticated and unauthenticated requests are accepted, and the flaw is reachable over the network with no user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The only prerequisite is network reachability to the affected Daktronics DMP web/management interface; per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) and the description, exploitation works for both authenticated and unauthenticated remote users with no special configuration or user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partially conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the device's web/management interface sends a crafted request containing directory-traversal sequences to a vulnerable endpoint and, because no authentication is required, receives a listing of file system paths outside the intended directory. The exposed paths reveal device internals (configuration locations, firmware structure) that can be used to plan deeper attacks against the signage controller. … |
| Remediation | No vendor-released patch version is identified in the available data; consult the CISA ICS advisory icsa-26-176-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04) and the corresponding CSAF document for the specific fixed firmware build and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct complete inventory of VFC-DMP-5000, DMP-5000, and DMP-8000 systems; document network topology and data flow. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Vfc Dmp 5000
View allDefault administrative web credentials in Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 digital media players grant fu
Arbitrary file upload in the Daktronics DMP-5000 (and related VFC-DMP-5000 and DMP-8000) media player file service lets
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39923
GHSA-qr6g-wmfj-4xhv