Daktronics Dmp-5000 vulnerabilities
3 known vulnerabilities affecting daktronics/dmp-5000.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-28701P2CRITICALCVSS 9.8fixed in v10.34.x.xfixed in v8.117.x.x+1 more2026-06-26
CVE-2026-28701 [CRITICAL] CWE-22 CVE-2026-28701: Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated rem
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
nvd
CVE-2026-31928P3HIGHCVSS 8.1fixed in v10.34.x.xfixed in v8.117.x.x+1 more2026-06-26
CVE-2026-31928 [HIGH] CWE-798 CVE-2026-31928: The DMP-5000 devices are shipped with a default administrative web account with weak authentication
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access.
nvd
CVE-2026-33560P3HIGHCVSS 7.1fixed in v10.34.x.xfixed in v8.117.x.x+1 more2026-06-26
CVE-2026-33560 [HIGH] CWE-434 CVE-2026-33560: The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are expos
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server.
nvd