CVE-2026-28701

Summary

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.

Affected Software

VendorProductVersion RangeStatus
DaktronicsVFC-DMP-50000 < v8.117.x.xaffected
DaktronicsVFC-DMP-50000 < v9.43.x.xaffected
DaktronicsVFC-DMP-50000 < v10.34.x.xaffected
DaktronicsDMP-50000 < v10.34.x.xaffected
DaktronicsDMP-50000 < v8.117.x.xaffected
DaktronicsDMP-50000 < v9.43.x.xaffected
DaktronicsDMP-80000 < v10.34.x.xaffected
DaktronicsDMP-80000 < v8.117.x.xaffected
DaktronicsDMP-80000 < v9.43.x.xaffected

Weaknesses

  • CWE-22: CWE-22

Workarounds

Daktronics recommends updating the default passwords and encourages using strong, unique credentials per device.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References