7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
Affected (7)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Basic Pdu | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Pm Pdu | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Piml Pdu | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Smart Pim | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Smart Pos | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Smart Pom | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.30.30 |
| Running on/with | Platform Versions |
|---|---|
Powertekpdus Smart Poms | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.