PT-2026-5550 · Sunfounder · Sunfounder Pironman Dashboard
Chapochapo
·
Published
2026-01-31
·
Updated
2026-02-01
·
CVE-2026-25069
CVSS v4.0
9.3
Critical
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SunFounder Pironman Dashboard (pm dashboard) versions prior to 1.3.13
Description
The SunFounder Pironman Dashboard (pm dashboard) contains a path traversal flaw in the log file API endpoints. An unauthenticated remote attacker can manipulate the
filename parameter with traversal sequences to read and delete arbitrary files. Successful exploitation could lead to the disclosure of sensitive information and the deletion of critical system files, potentially resulting in data loss, system compromise, or denial of service. The API endpoints involved are susceptible to this issue.Recommendations
Versions prior to 1.3.13 should be updated.
Exploit
Fix
DoS
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sunfounder Pironman Dashboard