CVE-2023-40708

Improper Access Control in OPTO 22 SNAP PAC S1

CVSS 5.8 MEDIUM · EPSS 0.4% · CWE-1188
In short

The SNAP PAC S1 device leaves its FTP port open by default, which allows attackers to access files on the device without proper authorization. This can lead to information disclosure and compromise of the device.

Technical detail

SNAP PAC S1 firmware R10.3b contains a CWE-1188 (Improper Access Control) vulnerability: the FTP service is enabled by default without authentication restrictions. An adversary with network access to the FTP port can enumerate and retrieve sensitive device files, potentially leading to information disclosure and further attack surface exploration.

Summary generated and translated by AI from the official description.
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
OPTO 22 · SNAP PAC S1
