CVE-2024-1303
Description
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.
NVD
Severity: N/A
CVE ID: CVE-2024-1303
CVSS Score: N/A
CVSS Metrics: NVD assessment not yet provided.
Spanish National Cybersecurity Institute, S.A. (INCIBE)
Severity: MEDIUM
CVE ID: CVE-2024-1303
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
guillermogm4
POC Badgermeter moni tool - CVE-2024-1303
Refrence: GitHub