PT-2025-20287 · Unknown · Pws Personal Weather Station Dashboard
Matthew Eagle · Published 2025-05-07 · Updated 2025-06-22 · CVE-2025-47423
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Personal Weather Station Dashboard version 12 lts
Description
The issue allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to "/others/ test.php". This can be exploited to read sensitive files, such as the server's private SSL key in cleartext.
Recommendations
For Personal Weather Station Dashboard version 12 lts, restrict access to the "/others/ test.php" endpoint to prevent directory traversal attacks, and avoid using the test parameter until the issue is resolved.
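To check whether the endpoint has already been probed, the following added example (not part of the advisory or of the project's code) scans web server access logs for traversal sequences in the test parameter, including percent-encoded and double-encoded forms. It assumes Combined Log Format and matches the endpoint loosely as any path under /others/ ending in test.php; the log lines and file names in it are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: loose endpoint match (anything under /others/ ending in test.php);
# tighten it to the exact path used by your installation.
ENDPOINT_RE = re.compile(r"/others/[^/]*test\.php$", re.IGNORECASE)
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/May/2025:10:00:01 +0000] "GET /others/test.php?test=../../etc/hostname HTTP/1.1" 200 12',
    '203.0.113.7 - - [07/May/2025:10:00:02 +0000] "GET /others/test.php?test=%252e%252e%252fetc%252fhostname HTTP/1.1" 200 12',
    '198.51.100.4 - - [07/May/2025:10:00:03 +0000] "GET /others/test.php?test=v1..2 HTTP/1.1" 200 5',
    '198.51.100.4 - - [07/May/2025:10:00:04 +0000] "GET /index.php?test=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is '..' (either slash style)."""
    return ".." in re.split(r"[\\/]+", fully_decode(value))

def find_traversal_hits(log_lines):
    """Return one record per request to the endpoint whose test parameter climbs directories."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not ENDPOINT_RE.search(unquote(url.path)):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "test" and has_traversal(value):
                hits.append({"ip": m["ip"], "status": int(m["status"]), "value": fully_decode(value)})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves the most attention, since the server answered the request; treat any file reachable by the web server user, including TLS private keys, as potentially disclosed and rotate accordingly.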
Affected Products
Pws Personal Weather Station Dashboard