The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.CreditsJony Schats (Hackdefense)Stan Plasmeijer (Hackdefense)Max van der Horst (DIVD)Referenceshttps://csirt.divd.nl/CVE-2023-25912/https://csirt.divd.nl/DIVD-2023-00021/
