Navtor NavBox Information Disclosure Vulnerability via Unhandled Exception

Vulnerability

An information disclosure vulnerability has been identified in Navtor NavBox version 4.12.0.3. The issue arises in the /api/ais-data endpoint, where a remote, unauthenticated attacker can send crafted requests that trigger an unhandled exception. This exception causes the server to return detailed .NET stack traces, which include internal class names, method calls, and references to third-party libraries such as System.Data.SQLite. Such information could aid attackers in understanding the application's internal structure.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to gain insights into the application's architecture and potentially identify further attack vectors.
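An added example (not part of the advisory and not Navtor code): a response-body check that a defender could run in a regression test or over proxy-captured responses to confirm that error responses no longer carry .NET stack traces like those described above. The sample bodies and the `Example.Api` names are constructed, and the JSON shape of the error response is an assumption.

```python
import html
import re

# A .NET stack frame line looks like "   at Namespace.Type.Method(args)".
FRAME_RE = re.compile(r"^\s*at\s+([\w.`<>+]+)\(([^)]*)\)", re.M)
# Fully qualified exception type, e.g. System.Data.SQLite.SQLiteException.
EXC_RE = re.compile(r"\b(?:[A-Za-z_]\w*\.)+\w*Exception\b")

def find_stack_trace_leak(body: str) -> dict:
    """Report .NET stack-trace material present in an HTTP response body."""
    # Traces are often HTML-encoded or embedded in JSON with escaped newlines,
    # so normalise both before matching line-anchored frames.
    text = html.unescape(body).replace("\\r\\n", "\n").replace("\\n", "\n")
    frames = [m[0].replace("..", ".") for m in FRAME_RE.findall(text)]
    # Drop the method and type name to get the namespace that was exposed.
    namespaces = sorted({f.rsplit(".", 2)[0] for f in frames if f.count(".") >= 2})
    return {
        "leaked": bool(frames),  # an exception name alone is not treated as a leak
        "frames": frames,
        "exception_types": sorted(set(EXC_RE.findall(text))),
        "namespaces": namespaces,
    }

# Constructed sample: an error body that embeds a trace inside a JSON string.
SAMPLE_LEAK = (
    '{"error":"System.Data.SQLite.SQLiteException (0x80004005): constructed message'
    '\\r\\n   at System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior)'
    '\\r\\n   at Example.Api.AisDataController.Get(String id)"}'
)
# Constructed sample: the generic error body a fixed deployment should return.
SAMPLE_CLEAN = '{"error":"Invalid request","traceId":"constructed-0001"}'

if __name__ == "__main__":
    for name, body in (("leak", SAMPLE_LEAK), ("clean", SAMPLE_CLEAN)):
        print(name, find_stack_trace_leak(body))
```
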

Added: Mar 6, 2026, 3:17 PM
Updated: Mar 6, 2026, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.