Dataprobe

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-3264 2Cyberpower Dataprobe 23Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+20 more Nov 21, 2024 Aug 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating syst...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.Show less
CVE-2023-3263 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 Aug 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitati...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.Show less
CVE-2023-3262 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 Aug 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating syste...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.Show less
CVE-2023-3261 2Cyberpower Dataprobe 23Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+20 more Nov 21, 2024 Aug 14, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavi...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.Show less
CVE-2023-3260 2Cyberpower Dataprobe 23Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+20 more Nov 21, 2024 Aug 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute a...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.Show less
CVE-2023-3259 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 Aug 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the de...Show more The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user informationShow less
CVE-2022-47320 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 May 22, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
CVE-2022-47311 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 May 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not e...Show more A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.Show less
CVE-2022-46738 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 May 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.
CVE-2022-46658 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 May 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
CVE-2022-4945 1Dataprobe 22Iboot Pdu4 C20 Firmware Iboot Pdu4 N20 FirmwareIboot Pdu4a C10 Firmware+19 more Nov 21, 2024 May 22, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.
CVE-2022-3189 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The cha...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter. Show less
CVE-2022-3188 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users. Show less
CVE-2022-3187 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the va...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. Show less
CVE-2022-3186 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remot...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. Show less
CVE-2022-3185 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.
CVE-2022-3184 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allo...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory. Show less
CVE-2022-3183 1Dataprobe 12Iboot Pdu4 N20 Firmware Iboot Pdu4a N15 FirmwareIboot Pdu4a N20 Firmware+9 more Nov 21, 2024 Dec 21, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerab...Show more Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. Show less
CVE-2007-6760 1Dataprobe 1Ibootbar Firmware May 13, 2026 Apr 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
CVE-2007-6759 1Dataprobe 1Ibootbar Firmware May 13, 2026 Apr 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.