CVE-2022-38121

Published: Nov 10, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: twcert@cert.org.tw (Secondary)

Description

UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.

Affected (1)

Products: Upspowercom: Upsmon Pro

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Upspowercom Upsmon Pro	Version 2.57

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.