Skip to main content

Daktronics DMP-5000 EUVDEUVD-2026-39924

| CVE-2026-33560 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-06-26 icscert GHSA-j595-prhp-3r49
8.4
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
8.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Network-reachable file service with low-complexity upload but requiring low-privilege authentication (PR:L); arbitrary writes give high integrity impact, limited confidentiality, no direct availability loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 26, 2026 - 23:30 vuln.today
CVSS changed
Jun 26, 2026 - 23:22 NVD
7.1 (HIGH) 8.4 (HIGH)

DescriptionCVE.org

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.

AnalysisAI

Arbitrary file upload in the Daktronics DMP-5000 (and related VFC-DMP-5000 and DMP-8000) media player file service lets authenticated users write files of any type - including executable binaries and scripts - directly to the server with no extension filtering or content inspection. This unrestricted upload (CWE-434) gives a low-privileged operator a path to plant and potentially execute malicious code on these OT digital-media/scoreboard controllers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege file-service credentials
Delivery
Reach upload endpoint over network
Exploit
Upload malicious script/binary (no validation)
Execution
Stored in server-writable path
Persist
Trigger or serve uploaded file
Impact
Execute code / tamper with media controller

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network access to the DMP-5000/VFC-DMP-5000/DMP-8000 file service and (2) valid authentication at low privilege (CVSS PR:L) - it is not unauthenticated. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and broadly consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege credentials to a network-reachable DMP-5000 file service uploads a malicious script or binary to an exposed endpoint that performs no extension or content validation. If that upload location is executable or later served, the attacker leverages it to run arbitrary code on the OT media controller, tampering with displayed content or pivoting within the operational network. …
Remediation Apply the Daktronics-recommended remediation documented in CISA advisory ICSA-26-176-04 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04) and the CSAF file (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json); no exact fixed version is provided in the available data, so verify the patched build directly from the vendor before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 devices and document current firmware versions; disable or restrict access to file upload functions where operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39924 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy