cvedb.io
CVE-2023-0321
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2023-01-26T21:18:07.143 · Last modified 2026-06-17T05:25:16.873

Summary

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.

Affected products

campbellsci — cr6_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when campbellsci ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.