CVE-2024-25830 Information

Description

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated remote attacker can exploit this by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.

Reference

https://neroteam.com/blog/f-logic-datacube3-vulnerability-report