CVE-2023-25911— Authenticated OS Command Injection in Danfoss AK-EM100
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-25911
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated OS Command Injection in Danfoss AK-EM100
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Danfoss AK-EM100 web applications 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Danfoss AK-EM100 web applications是丹麦Danfoss公司的一个 web 应用程序。提供了商店的基于 web 的图形用户界面,该界面允许一系列日常用户本地或远程监控关于他们所有制冷设备的数据、警报和报告。 Danfoss AK-EM100 web applications存在安全漏洞,该漏洞源于允许通过网络应用程序参数注入操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-25911
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-25911
请登录查看更多情报信息。
- https://csirt.divd.nl/DIVD-2023-00021third-party-advisory
- https://csirt.divd.nl/DIVD-2023-00021/third-party-advisory
- https://csirt.divd.nl/CVE-2023-25911/third-party-advisory
- https://divd.nl/cves/CVE-2023-25911third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-25911
Same Patch Batch · Danfoss · 2023-06-11 · 7 CVEs total
| CVE-2023-22583 | 10.0 CRITICAL | SQL Injection in Danfoss AK-EM100 |
| CVE-2023-22585 | 9.0 CRITICAL | Reflected Cross-Site Scripting in Danfoss AK-EM100 |
| CVE-2023-22582 | 9.0 CRITICAL | Reflected Cross-Site Scripting in Danfoss AK-EM100 |
| CVE-2023-22586 | 7.7 HIGH | Local File Inclusion in Danfoss AK-EM100 |
| CVE-2023-22584 | 7.5 HIGH | Cleartext credentials in Danfoss AK-EM100 |
| CVE-2023-25912 | 5.3 MEDIUM | Webreport disclosure to unauthorized actor in Danfoss AK-EM100 |
IV. Related Vulnerabilities
Same product: AK-EM100
Same vendor: Danfoss
- CVE-2025-41452
Post auth nginx configuration injection in Danfoss AK-SM8xxA - CVE-2025-41451
Post-Authentication OS Command Injection RCE in Danfoss AK-S - CVE-2025-41450
Authentication bypass with privileged access in Danfoss AK-S - CVE-2023-25913
Authentication Bypass in Danfoss AK-SM800A - CVE-2023-25914
Authneticated Path Traversal in Danfoss AK-SM800A
Same weakness: CWE-77
- CVE-2026-8210
aandrew-me tgpt Update helper.go helper.Update command injec - CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42453
Termix: Command injection in extractArchive/compressFiles vi - CVE-2026-42271
LiteLLM: Authenticated command execution via MCP stdio test - CVE-2026-41500
electerm has Command Injection Vulnerability via runMac func
V. Comments for CVE-2023-25911
No comments yet