Описание
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.
Уязвимость метода updateManagerPassword программного обеспечения для управления источниками бесперебойного питания Voltronic Power ViewPower, позволяющая нарушителю обойти процесс аутентификации и получить несанкционированный доступ к программному обеспечению
EPSS
9.8 Critical
CVSS3