Arslan Masood

4 exploits Active since Dec 2023
CVE-2023-5808 NOMISEC HIGH WORKING POC
Vantara Hitachi Network Attached Storage - Improper Authorization
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
2 stars
CVSS 7.6
CVE-2023-6538 NOMISEC HIGH WORKING POC
SMU <14.8.7825.01 - Info Disclosure
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
1 stars
CVSS 7.6
EIP-2026-101773 EXPLOITDB python WORKING POC
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
CVE-2023-6538 EXPLOITDB HIGH python WORKING POC
SMU <14.8.7825.01 - Info Disclosure
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
CVSS 7.6