PT-2026-5550 · Sunfounder · Sunfounder Pironman Dashboard
Chapochapo · Published 2026-01-31 · Updated 2026-02-01 · CVE-2026-25069
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SunFounder Pironman Dashboard (pm dashboard) versions prior to 1.3.13
Description
The SunFounder Pironman Dashboard (pm dashboard) contains a path traversal flaw in the log file API endpoints. An unauthenticated remote attacker can manipulate the filename parameter with traversal sequences to read and delete arbitrary files. Successful exploitation could lead to the disclosure of sensitive information and the deletion of critical system files, potentially resulting in data loss, system compromise, or denial of service. The API endpoints involved are susceptible to this issue.
Recommendations
Versions prior to 1.3.13 should be updated.
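The containment check that a log-file endpoint needs before it reads or deletes the file named by the filename parameter, as an added example (not SunFounder's code and not the 1.3.13 fix). The names resolve_log_path, UnsafeLogName and demo, the log directory layout and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafeLogName(ValueError):
    """Raised when a requested log name would leave the log directory."""


def resolve_log_path(log_dir: Path, filename: str) -> Path:
    """Map a client-supplied log name to a path strictly inside log_dir."""
    if not filename or "\x00" in filename:
        raise UnsafeLogName("empty name or NUL byte")
    # A log name is a single path component: no separators, no dot entries.
    if filename in (".", "..") or "/" in filename or "\\" in filename:
        raise UnsafeLogName("path separators or dot entries are not allowed")
    base = log_dir.resolve(strict=True)
    # resolve() follows symlinks, so a link planted in log_dir is caught below.
    candidate = (base / filename).resolve()
    if candidate.parent != base:
        raise UnsafeLogName("resolved path is outside the log directory")
    if not candidate.is_file():
        raise FileNotFoundError(filename)
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway log directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = Path(tmp) / "logs"
        log_dir.mkdir()
        (log_dir / "dashboard.log").write_text("constructed sample line\n")
        secret = Path(tmp) / "secret.conf"  # constructed file outside log_dir
        secret.write_text("outside the log directory\n")
        os.symlink(secret, log_dir / "link.log")
        for name in ("dashboard.log", "../secret.conf", str(secret), "link.log", "..", ""):
            try:
                results[name] = resolve_log_path(log_dir, name).name
            except (UnsafeLogName, FileNotFoundError) as exc:
                results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:40} -> {outcome}")
```

The same resolved path should be used for both the read and the delete handler, so the two operations cannot disagree about which file a name refers to.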
Exploit
Fix
DoS
Path traversal
Affected products
Sunfounder Pironman Dashboard