PT-2023-27137 · Unknown · Atx Ucrypt

Notnotnotveg · Published 2023-10-09 · Updated 2024-02-01 · CVE-2023-39854

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ATX Ucrypt versions 3.5 and earlier

Description

The web interface of ATX Ucrypt allows authenticated users, or attackers using default credentials for the admin, master, or user account, to include files via a URL in the "/hydra/view/get cc url" URL parameter. This can result in Server-Side Request Forgery (SSRF).

Recommendations

For ATX Ucrypt versions 3.5 and earlier, consider disabling access to the "/hydra/view/get cc url" URL parameter until a patch is available. Additionally, changing default credentials for the admin, master, and user accounts can help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-39854

Affected Products

Atx Ucrypt