F-Logic Datacube3 Firmware vulnerabilities
4 known vulnerabilities affecting f-logic/datacube3_firmware.
Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-31750P1CRITICALCVSS 9.8ExploitedPoCv1.02024-04-19
CVE-2024-31750 [CRITICAL] CWE-89 CVE-2024-31750: SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
nvd
CVE-2024-34854P2CRITICALCVSS 9.8Exploitedv1.02024-05-28
CVE-2024-34854 [CRITICAL] CWE-22 CVE-2024-34854: F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
nvd
CVE-2024-25830P1CRITICALCVSS 9.8PoCv1.02024-02-29
CVE-2024-25830 [CRITICAL] CWE-22 CVE-2024-25830: F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
nvd
CVE-2024-34852P3MEDIUMCVSS 6.3v1.02024-05-28
CVE-2024-34852 [MEDIUM] CWE-77 CVE-2024-34852: F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the comm
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacke
nvd