PcComponentes
Company Details
Linkedin ID:
pccomponentes
Website:
Employees number:
651
Number of followers:
46,732
NAICS:
334
Industry Type:
Homepage:
pccomponentes.com
IP Addresses:
0
Company ID:
PCC_3163490
Scan Status:
In-progress
PcComponentes Company CyberSecurity Posture
pccomponentes.com
Tienda online de informática y nuevas tecnologías con más de 8 años de experiencia, ofreciendo siempre el mejor precio y servicio posibles. Contamos con una amplia cartera de clientes en toda España y Portugal, con un gran equipo de profesionales y con una infraestructura capaz de servir cientos de pedidos diariamente. Todo para que nuestro máximo objetivo sea cumplido: la satisfacción plena de todos nuestros clientes.
PcComponentes A.I CyberSecurity Scoring
PcComponentes Risk Score (AI oriented)Between 600 and 649
PcComponentes
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
PcComponentes Global Score (TPRM)XXXX
PcComponentes
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
PcComponentes Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
PcComponentes: Top PC components store denies data breach - PcComponentes says it is safe, despite hacker claims
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: PcComponentes Denies Major Data Breach, Confirms Limited Credential Stuffing Attack Spanish electronics retailer PcComponentes has refuted claims of a large-scale data breach after a hacker alleged the theft of 16.3 million customer records. The company acknowledged a credential stuffing attack but stated that far fewer accounts were impacted than claimed. The incident began when a threat actor, identified as *daghetiaw*, posted on an underground forum offering a dataset purportedly containing names, postal addresses, IP addresses, product wishlists, and Zendesk customer support messages. To validate the claim, the hacker released a sample of 500,000 records. PcComponentes responded with a public statement, asserting that no unauthorized access to its databases or internal systems occurred. The company disputed the hacker’s claim of 16 million affected accounts, noting that its active user base is significantly smaller. Instead, it confirmed a credential stuffing attack, where attackers used leaked login credentials from other breaches to gain access to some accounts. While the company downplayed the severity, it confirmed that exposed data included names, IDs, postal addresses, IP addresses, and phone numbers but not financial details, as PcComponentes does not store payment information. Customer passwords were also not compromised, as they are not retained in the company’s database. As a precaution, PcComponentes has implemented mandatory CAPTCHA verification and two-factor authentication (2FA) for all future logins. The incident was first reported by *BleepingComputer*.
Zendesk and PcComponentes: Online retailer PcComponentes says data breach claims are fake
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: PcComponentes Denies Data Breach but Confirms Credential Stuffing Attack Impacting Customers Spain’s leading technology retailer, PcComponentes, has refuted claims of a major data breach affecting 16 million customers but confirmed a credential stuffing attack exposed sensitive account details. The incident emerged after a threat actor, *daghetiaw*, posted a purported database containing 16.3 million records on hacker forums, leaking 500,000 entries and offering the remainder for sale. The leaked data included order histories, physical addresses, full names, phone numbers, IP addresses, product wishlists, and customer support messages exchanged via Zendesk. However, PcComponentes stated that no financial details or passwords were stored on its systems and that the claimed 16 million affected accounts was exaggerated, as its active user base is significantly smaller. An investigation revealed the attack stemmed from credential stuffing where attackers used reused login credentials from previous breaches to access accounts. Threat intelligence firm Hudson Rock traced the compromised credentials to info-stealing malware infections, with some logins dating back to 2020. A sample of verified emails from the leak matched records in existing infostealer logs. For affected accounts, exposed data included: - Full names - National ID numbers - Physical addresses - IP addresses - Email addresses - Phone numbers In response, PcComponentes implemented CAPTCHA protections, mandatory two-factor authentication (2FA) for all accounts, and invalidated active sessions, forcing users to re-authenticate with 2FA enabled. The company did not disclose the exact number of impacted customers.
PcComponentes Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for PcComponentes
Incidents vs Computers and Electronics Manufacturing Industry Average (This Year)
PcComponentes has 68.45% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
PcComponentes has 28.06% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types PcComponentes vs Computers and Electronics Manufacturing Industry Avg (This Year)
PcComponentes reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — PcComponentes (X = Date, Y = Severity)
PcComponentes cyber incidents detection timeline including parent company and subsidiaries
PcComponentes Company Subsidiaries
Tienda online de informática y nuevas tecnologías con más de 8 años de experiencia, ofreciendo siempre el mejor precio y servicio posibles. Contamos con una amplia cartera de clientes en toda España y Portugal, con un gran equipo de profesionales y con una infraestructura capaz de servir cientos de pedidos diariamente. Todo para que nuestro máximo objetivo sea cumplido: la satisfacción plena de todos nuestros clientes.
Loading...
PcComponentes Similar Companies
Voltas is the No. 1* Room Air Conditioner Brand in India. Apart from ACs, Voltas offers a wide range of cooling products including Air Coolers, Commercial Refrigeration, Water Coolers and Water Dispensers. Apart from being the leaders in consumer products, Voltas is also one of the world's premier e
Motorola Mobility (a Lenovo Company)
As part of the Lenovo family, Motorola Mobility is creating innovative smartphones and accessories designed with the consumer in mind. That’s why we’re looking for the thinkers, innovators and problem solvers who believe in working together to challenge the status quo. If you share our commitment to
HARMAN International
Headquartered in Stamford, Connecticut, HARMAN (harman.com) designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide, including connected car systems, audio and visual products, enterprise automation solutions; and services supporting the Internet o
We’re a diverse collective of thinkers and doers, continually reimagining what’s possible to help us all do what we love in new ways. And the same innovation that goes into our products also applies to our practices — strengthening our commitment to leave the world better than we found it. This is w
Step into the innovative world of LG Electronics. As a global leader in technology, LG Electronics is dedicated to creating innovative solutions for a better life. Our brand promise, 'Life's Good', embodies our commitment to ensuring a happier, better life for all. With a rich history spanning ov
Canon USA
Living and Working Together For The Common Good... - Kyosei Kyosei unites Canon and its employees in contributing to the prosperity of humanity and the protection of the world we share. As a leading provider of consumer, business-to-business, and industrial digital imaging solutions, our determi
Garmin
WHERE DO WE START? How about Kansas City? That’s our home. That’s where Garmin put a stake in the ground in 1989. We’ve grown substantially over the years, offering diverse products and global reach in 5 diverse markets. But some things won’t ever change: Our entrepreneurial spirit and a culture whe
Samsung Electronics
Samsung Electronics is a global leader in technology, opening new possibilities for people everywhere. Through relentless innovation and discovery, we are transforming the worlds of TVs, smartphones, wearable devices, tablets, digital appliances, network systems, medical devices, semiconductors and
.png)
PcComponentes CyberSecurity News
January 22, 2026 12:05 PM
Top PC components store denies data breach - PcComponentes says it is safe, despite hacker claims
Spanish PC components retailer PcComponentes has denied suffering a big data breach - but did confirm it suffered a credential stuffing...
January 22, 2026 08:31 AM
PcComponentes Incident Was a Credential Stuffing Attack Using Infostealer Logs
The PcComponentes credential stuffing incident highlights the role of infostealer logs and the impact on user data in retail cybersecurity.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PcComponentes CyberSecurity History Information
Official Website of PcComponentes
The official website of PcComponentes is https://www.pccomponentes.com.
PcComponentes’s AI-Generated Cybersecurity Score
According to Rankiteo, PcComponentes’s AI-generated cybersecurity score is 628, reflecting their Poor security posture.
How many security badges does PcComponentes’ have ?
According to Rankiteo, PcComponentes currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has PcComponentes been affected by any supply chain cyber incidents ?
According to Rankiteo, PcComponentes has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does PcComponentes have SOC 2 Type 1 certification ?
According to Rankiteo, PcComponentes is not certified under SOC 2 Type 1.
Does PcComponentes have SOC 2 Type 2 certification ?
According to Rankiteo, PcComponentes does not hold a SOC 2 Type 2 certification.
Does PcComponentes comply with GDPR ?
According to Rankiteo, PcComponentes is not listed as GDPR compliant.
Does PcComponentes have PCI DSS certification ?
According to Rankiteo, PcComponentes does not currently maintain PCI DSS compliance.
Does PcComponentes comply with HIPAA ?
According to Rankiteo, PcComponentes is not compliant with HIPAA regulations.
Does PcComponentes have ISO 27001 certification ?
According to Rankiteo,PcComponentes is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of PcComponentes
PcComponentes operates primarily in the Computers and Electronics Manufacturing industry.
Number of Employees at PcComponentes
PcComponentes employs approximately 651 people worldwide.
Subsidiaries Owned by PcComponentes
PcComponentes presently has no subsidiaries across any sectors.
PcComponentes’s LinkedIn Followers
PcComponentes’s official LinkedIn profile has approximately 46,732 followers.
NAICS Classification of PcComponentes
PcComponentes is classified under the NAICS code 334, which corresponds to Computer and Electronic Product Manufacturing.
PcComponentes’s Presence on Crunchbase
No, PcComponentes does not have a profile on Crunchbase.
PcComponentes’s Presence on LinkedIn
Yes, PcComponentes maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/pccomponentes.
Cybersecurity Incidents Involving PcComponentes
As of January 23, 2026, Rankiteo reports that PcComponentes has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
PcComponentes has an estimated 1,946 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at PcComponentes ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does PcComponentes detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with hudson rock (threat intelligence firm), and containment measures with invalidated active sessions, forced re-authentication, and remediation measures with implemented captcha protections, mandatory two-factor authentication (2fa) for all accounts, and containment measures with mandatory captcha verification, two-factor authentication (2fa) for all future logins, and communication strategy with public statement denying large-scale breach, confirming limited credential stuffing attack..
Incident Details
Can you provide details on each incident ?
Title: PcComponentes Credential Stuffing Attack
Description: PcComponentes denied a major data breach but confirmed a credential stuffing attack exposed sensitive account details of customers. A threat actor posted a purported database containing 16.3 million records, leaking 500,000 entries and offering the remainder for sale. The attack stemmed from reused login credentials from previous breaches, traced to info-stealing malware infections.
Type: Credential Stuffing
Attack Vector: Reused login credentials from previous breaches
Vulnerability Exploited: Info-stealing malware infections, lack of multi-factor authentication
Threat Actor: daghetiaw
Motivation: Data exfiltration and sale on dark web
Title: PcComponentes Credential Stuffing Attack
Description: Spanish electronics retailer PcComponentes denied a large-scale data breach after a hacker claimed the theft of 16.3 million customer records. The company confirmed a credential stuffing attack with limited impact, far fewer than the hacker's claim.
Type: Credential Stuffing
Attack Vector: Leaked login credentials from other breaches
Threat Actor: daghetiaw
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Reused credentials from info-stealing malware infections.
Impact of the Incidents
What was the impact of each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Data Compromised: Order histories, physical addresses, full names, phone numbers, IP addresses, product wishlists, customer support messages, national ID numbers, email addresses
Brand Reputation Impact: Potential negative impact due to exposure of customer data
Identity Theft Risk: High
Payment Information Risk: None (no financial details or passwords stored)
Incident : Credential Stuffing PCC1769088339
Data Compromised: Names, postal addresses, IP addresses, phone numbers, product wishlists, Zendesk customer support messages
Identity Theft Risk: High
Payment Information Risk: None (payment information not stored)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Order Histories, Physical Addresses, Full Names, Phone Numbers, Ip Addresses, Product Wishlists, Customer Support Messages, National Id Numbers, Email Addresses, , Names, Postal Addresses, Ip Addresses, Phone Numbers, Product Wishlists, Zendesk Customer Support Messages and .
Which entities were affected by each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Entity Name: PcComponentes
Entity Type: Retailer
Industry: Technology/E-commerce
Location: Spain
Customers Affected: Exact number undisclosed (claimed 16.3 million, but active user base is smaller)
Incident : Credential Stuffing PCC1769088339
Entity Name: PcComponentes
Entity Type: Retailer
Industry: Electronics
Location: Spain
Customers Affected: Limited (far fewer than 16.3 million)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Third Party Assistance: Hudson Rock (threat intelligence firm)
Containment Measures: Invalidated active sessions, forced re-authentication
Remediation Measures: Implemented CAPTCHA protections, mandatory two-factor authentication (2FA) for all accounts
Incident : Credential Stuffing PCC1769088339
Containment Measures: Mandatory CAPTCHA verification, two-factor authentication (2FA) for all future logins
Communication Strategy: Public statement denying large-scale breach, confirming limited credential stuffing attack
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Hudson Rock (threat intelligence firm).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Credential Stuffing ZENPCC1769030611
Type of Data Compromised: Order histories, Physical addresses, Full names, Phone numbers, Ip addresses, Product wishlists, Customer support messages, National id numbers, Email addresses
Number of Records Exposed: 500,000 leaked (16.3 million claimed)
Sensitivity of Data: High (PII, order details, support messages)
Data Exfiltration: Yes (posted on hacker forums for sale)
Personally Identifiable Information: Yes (full names, national ID numbers, physical addresses, email addresses, phone numbers)
Incident : Credential Stuffing PCC1769088339
Type of Data Compromised: Names, Postal addresses, Ip addresses, Phone numbers, Product wishlists, Zendesk customer support messages
Number of Records Exposed: 500,000 (sample); 16.3 million claimed (disputed)
Sensitivity of Data: Moderate to High (PII exposed, but no financial data or passwords)
Data Exfiltration: Alleged (disputed by PcComponentes)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Implemented CAPTCHA protections, mandatory two-factor authentication (2FA) for all accounts.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by invalidated active sessions, forced re-authentication, mandatory captcha verification and two-factor authentication (2fa) for all future logins.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Lessons Learned: Importance of enforcing multi-factor authentication (2FA) and monitoring for credential reuse from previous breaches.
What recommendations were made to prevent future incidents ?
Incident : Credential Stuffing ZENPCC1769030611
Recommendations: Enforce 2FA for all accounts, implement CAPTCHA protections, monitor for credential stuffing attacks, and educate users on password hygiene.
Incident : Credential Stuffing PCC1769088339
Recommendations: Implement CAPTCHA and 2FA to prevent credential stuffing attacks
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Importance of enforcing multi-factor authentication (2FA) and monitoring for credential reuse from previous breaches.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enforce 2FA for all accounts, implement CAPTCHA protections, monitor for credential stuffing attacks, and educate users on password hygiene. and Implement CAPTCHA and 2FA to prevent credential stuffing attacks.
References
Where can I find more information about each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Source: Threat actor post on hacker forums
Incident : Credential Stuffing ZENPCC1769030611
Source: Hudson Rock (threat intelligence firm)
Incident : Credential Stuffing PCC1769088339
Source: BleepingComputer
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Threat actor post on hacker forums, and Source: Hudson Rock (threat intelligence firm), and Source: BleepingComputer.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statement denying large-scale breach and confirming limited credential stuffing attack.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Customer Advisories: Forced re-authentication with 2FA enabled, CAPTCHA protections implemented.
Incident : Credential Stuffing PCC1769088339
Customer Advisories: Public statement denying large-scale breach, confirming limited credential stuffing attack
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Forced re-authentication with 2FA enabled, CAPTCHA protections implemented., Public statement denying large-scale breach and confirming limited credential stuffing attack.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Entry Point: Reused credentials from info-stealing malware infections
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Credential Stuffing ZENPCC1769030611
Root Causes: Lack of 2FA enforcement, credential reuse from previous breaches, info-stealing malware infections dating back to 2020
Corrective Actions: Mandatory 2FA, CAPTCHA protections, session invalidation, and forced re-authentication
Incident : Credential Stuffing PCC1769088339
Root Causes: Use of leaked credentials from other breaches
Corrective Actions: Mandatory CAPTCHA and 2FA implementation
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Hudson Rock (threat intelligence firm).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Mandatory 2FA, CAPTCHA protections, session invalidation, and forced re-authentication, Mandatory CAPTCHA and 2FA implementation.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an daghetiaw and daghetiaw.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Order histories, physical addresses, full names, phone numbers, IP addresses, product wishlists, customer support messages, national ID numbers, email addresses, Names, postal addresses, IP addresses, phone numbers, product wishlists and Zendesk customer support messages.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Hudson Rock (threat intelligence firm).
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Invalidated active sessions, forced re-authentication, Mandatory CAPTCHA verification and two-factor authentication (2FA) for all future logins.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, postal addresses, IP addresses, phone numbers, product wishlists, Zendesk customer support messages, Order histories, physical addresses, full names, phone numbers, IP addresses, product wishlists, customer support messages, national ID numbers and email addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 33.6M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Importance of enforcing multi-factor authentication (2FA) and monitoring for credential reuse from previous breaches.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enforce 2FA for all accounts, implement CAPTCHA protections, monitor for credential stuffing attacks, and educate users on password hygiene. and Implement CAPTCHA and 2FA to prevent credential stuffing attacks.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are BleepingComputer, Threat actor post on hacker forums and Hudson Rock (threat intelligence firm).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Forced re-authentication with 2FA enabled, CAPTCHA protections implemented., Public statement denying large-scale breach and confirming limited credential stuffing attack.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Reused credentials from info-stealing malware infections.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of 2FA enforcement, credential reuse from previous breaches, info-stealing malware infections dating back to 2020, Use of leaked credentials from other breaches.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Mandatory 2FA, CAPTCHA protections, session invalidation, and forced re-authentication, Mandatory CAPTCHA and 2FA implementation.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Azure Entra ID Elevation of Privilege Vulnerability
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Description
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Risk Information
cvss4
Base: 2.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.
Risk Information
cvss3
Base: 8.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=pccomponentes' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
