Upsmon Pro

upsmon_pro

Vendor: Upspowercom • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-38122 1Upspowercom 1Upsmon Pro Nov 21, 2024 Nov 10, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.
CVE-2022-38121 1Upspowercom 1Upsmon Pro Nov 21, 2024 Nov 10, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this un...Show more UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.Show less
CVE-2022-38120 1Upspowercom 1Upsmon Pro Nov 21, 2024 Nov 10, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.
CVE-2022-38119 1Upspowercom 1Upsmon Pro Nov 21, 2024 Nov 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt s...Show more UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.Show less