CVE-2024-1303

MEDIUM

Badgermeter Monitool < 4.7 - Path Traversal

Title source: rule

Description

Improper limitation of a pathname to a restricted directory (path traversal) vulnerability in Badger Meter Monitool, affecting versions 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.

Exploits (1)

nomisec WRITEUP
by guillermogm4 · poc
https://github.com/guillermogm4/CVE-2024-1303---Badgermeter-moni-tool-Path-Traversal

Scores

CVSS v3 6.5
EPSS 0.0053
EPSS Percentile 67.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
badgermeter/monitool < 4.7
Published Mar 12, 2024
Tracked Since Feb 18, 2026