cbcvebase.
CVE-2026-2330
published 2026-03-06

CVE-2026-2330: An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories…

PriorityP269critical9.4CVSS 3.1
AVNACLPRNUINSUCLIHAH
EPSS
0.66%
47.1th percentile
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.

Affected

2 ranges
VendorProductVersion rangeFixed in
sick_agsick_lector83x< 2.8.02.8.0
sick_agsick_lector85x< 2.8.02.8.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.