Vulnerability Details : CVE-2023-37607
Public exploit exists!
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
Vulnerability category: Directory traversal
Products affected by CVE-2023-37607
- cpe:2.3:o:automaticsystems:soc_fl9600_firstlane_firmware:06:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37607
- Probability of exploitation activity in the next 30 days: 0.31%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %
CVSS scores for CVE-2023-37607
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | 2024-01-09 |
CWE ids for CVE-2023-37607
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-37607
- https://www.automatic-systems.com/range/
  Product vehicle barrier pedestrian speed gate turnstile Automatic Systems
- http://automatic-systems.com
  Automatic Systems' new augmented reality app (Product)
- http://soc.com
  Soc.com (Permissions Required)
- https://github.com/CQURE/CVEs/blob/main/CVE-2023-37607/README.md
  CVEs/CVE-2023-37607/README.md at main · CQURE/CVEs · GitHub (Exploit; Third Party Advisory)