MEDIUM
Deep Sea Electronics
CVE published 2024-10-24
CVE-2024-5947
Deep Sea Electronics DSE855 firmware version 1.0.26 contains an insecure direct object reference (IDOR) vulnerability that allows unauthenticated remote attackers to retrieve sensitive configuration data. The vulnerability exists because the device exposes the Backup.bin file through predictable URL paths without proper access controls. An attacker with adjacent network access can issue an HTTP GET reques [truncated]