Description
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
High
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None
Affected products
- Daktronics / DMP-50000 – v10.34.x.x
- Daktronics / DMP-50000 – v9.43.x.x
- Daktronics / DMP-50000 – v8.117.x.x
- Daktronics / DMP-80000 – v9.43.x.x
- Daktronics / DMP-80000 – v10.34.x.x
- Daktronics / DMP-80000 – v8.117.x.x
- Daktronics / VFC-DMP-50000 – v8.117.x.x
- Daktronics / VFC-DMP-50000 – v10.34.x.x
- Daktronics / VFC-DMP-50000 – v9.43.x.x