CVE-2023-6538

HIGH

SMU <14.8.7825.01 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-6538. PoCs published by Arslan Masood, Arszilla.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in Hitachi NAS (HNAS) System Management Unit (SMU) by sending a crafted GET request to download a configuration backup file. The exploit requires valid session cookies and a server ID to authenticate and retrieve sensitive data.

Description

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

Exploits (2)

exploitdb WORKING POC

by Arslan Masood · pythonremotehardware

https://www.exploit-db.com/exploits/51915

View Code ZIP pw:eip

This exploit leverages an information disclosure vulnerability in Hitachi NAS (HNAS) System Management Unit (SMU) by sending a crafted GET request to download a configuration backup file. The exploit requires valid session cookies and a server ID to authenticate and retrieve sensitive data.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Hitachi NAS (HNAS) System Management Unit (SMU) < 14.8.7825.01

Auth required

Prerequisites: Valid JSESSIONID and JSESSIONIDSSO cookies · Server ID value · Network access to the target SMU

MITRE ATT&CK

T1082 - System Information Discovery T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Arszilla · poc

https://github.com/Arszilla/CVE-2023-6538

View Code ZIP pw:eip

This repository contains a functional Python exploit for CVE-2023-6538, an IDOR vulnerability in Hitachi NAS (HNAS) System Management Unit (SMU) Configuration Backup & Restore functionality. The exploit allows authenticated users with specific roles to download configuration backups of servers by manipulating the 'serverid' parameter and session cookies.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Hitachi NAS (HNAS) System Management Unit (SMU) < 14.8.7825.01

Auth required

Prerequisites: Valid credentials for a non-read-only user account (e.g., Storage Administrator, Server Administrator) · Access to JSESSIONID and JSESSIONIDSSO cookies

MITRE ATT&CK

T1222 - File and Directory Permissions Modification T1087 - Account Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data.

Scores

CVSS v3 7.6

EPSS 0.0158

EPSS Percentile 72.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-285

Status published

Products (1)

hitachi/system_management_unit_firmware < 14.8.7825.01

Published Dec 11, 2023

Tracked Since Feb 18, 2026