← Back

CVE-2023-51574

nvd nist
Published: May 3, 2024Modified: Jul 9, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: zdi-disclosures@trendmicro.com (Secondary)

Description

Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.

Affected (1)

Voltronicpower
1 product
Viewpower
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Viewpower
Version 1.04.21353

Related CWEs

CWE-749
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

Source: zdi-disclosures@trendmicro.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.