Daktronics Controller Firmware Path Traversal_CVE-2026-28701

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.

AI Analysis

Path traversal vulnerability in Daktronics Controller Firmware allowing remote users to escape the intended directory and enumerate arbitrary file system paths.

Basic Information

ID CVE-2026-28701

Source icscert

Published Jun 26, 2026 at 22:40

Modified Jun 26, 2026 at 23:03

Affected Product

Vendor Daktronics

Product VFC-DMP-5000

Affected Versions Daktronics VFC-DMP-5000 0
Daktronics VFC-DMP-5000 0
Daktronics VFC-DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-5000 0
Daktronics DMP-8000 0
Daktronics DMP-8000 0
Daktronics DMP-8000 0

CWE Classification

CWE-22

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Daktronics

Product Controller Firmware

References

{
    "lastseen": "",
    "description": "Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.",
    "published": "2026-06-26T22:40:03.058Z",
    "modified": "2026-06-26T23:03:12.487Z",
    "type": "cve",
    "title": "Daktronics Controller Firmware Path Traversal",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-176-04.json",
    "id": "CVE-2026-28701",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Daktronics VFC-DMP-5000 0\nDaktronics VFC-DMP-5000 0\nDaktronics VFC-DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-5000 0\nDaktronics DMP-8000 0\nDaktronics DMP-8000 0\nDaktronics DMP-8000 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VFC-DMP-5000",
    "version": "0",
    "vendor": "Daktronics",
    "ai_description": "Path traversal vulnerability in Daktronics Controller Firmware allowing remote users to escape the intended directory and enumerate arbitrary file system paths.",
    "ai_severity": "Critical",
    "ai_vendor": "Daktronics",
    "ai_product": "Controller Firmware",
    "ai_version": "0",
    "ai_score": 9.8
}