CVE-2022-33174
Published 2022-06-13
Priority: P265 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 13.43% (96.0th percentile)
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can then be used to fetch the values of the protected sys.passwd and sys.su.name fields, which contain the username and password in cleartext.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| powertekpdus | basic_pdu_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | piml_pdu_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | pm_pdu_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | smart_pim_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | smart_pom_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | smart_poms_firmware | < 3.30.30 | 3.30.30 |
| powertekpdus | smart_pos_firmware | < 3.30.30 | 3.30.30 |
Detection & IOCs
- Detect exploitation attempts by monitoring HTTP requests to /cgi/get_param.cgi that include a Cookie header containing 'tmpToken=;' (empty value followed by a semicolon), which bypasses active session authorization.
- Alert on HTTP 200 responses to /cgi/get_param.cgi requests bearing the malicious tmpToken cookie, as successful exploitation returns cleartext credentials (sys.passwd and sys.su.name fields) in the response body.
- The vulnerability affects Powertek firmware versions before 3.30.30 across multiple PDU brands. Ensure version fingerprinting is used to scope detection to unpatched devices.
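The first two detection points above can be turned into a log check. The following is an added example, not part of the original page or of any vendor tooling; it assumes a JSON-lines proxy log with hypothetical field names `src`, `url`, `cookie` and `status`, and the sample records are constructed.

```python
import json
import re
from urllib.parse import urlsplit

TARGET_PATH = "/cgi/get_param.cgi"
# A tmpToken pair whose value is empty and is terminated by ';'.
# Anchored on start-of-header or a preceding ';' so 'xtmpToken=;' does not match.
EMPTY_TMPTOKEN = re.compile(r"(?:^|;)\s*tmpToken=\s*;")

def scan(log_lines):
    """Return (src, verdict) for each request matching the CVE-2022-33174 pattern."""
    findings = []
    for raw in log_lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        # Compare only the path so a query string cannot hide the endpoint.
        if urlsplit(rec.get("url", "")).path != TARGET_PATH:
            continue
        if not EMPTY_TMPTOKEN.search(rec.get("cookie", "")):
            continue
        # An HTTP 200 means the device answered the unauthenticated request.
        verdict = "likely_success" if rec.get("status") == 200 else "attempt"
        findings.append((rec.get("src"), verdict))
    return findings

# Constructed sample records (documentation IP ranges, assumed log schema).
SAMPLE_LOG = [
    '{"src": "198.51.100.7", "url": "/cgi/get_param.cgi?x=1", "cookie": "tmpToken=;", "status": 200}',
    '{"src": "192.0.2.10", "url": "/cgi/get_param.cgi", "cookie": "tmpToken=a1b2c3; lang=en", "status": 200}',
    '{"src": "203.0.113.9", "url": "/cgi/get_param.cgi", "cookie": "lang=en; tmpToken=;", "status": 401}',
    '{"src": "192.0.2.44", "url": "/index.html", "cookie": "tmpToken=;", "status": 200}',
    'not json',
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(f"{src}\t{verdict}")
```

A `likely_success` hit on a device running firmware before 3.30.30 should be handled as a credential exposure: rotate the PDU's administrative credentials after patching.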
CVSS provenance
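| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |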
No detection rules found.
Nuclei
Powertek Firmware <3.30.30 - Authorization Bypass
nuclei·CVSS 7.5
CVE-2022-33174 [HIGH] Powertek Firmware <3.30.30 - Authorization Bypass
Powertek Firmware '
- ''
- type: status
status:
- 200
extractors:
- type: regex
group: 1
regex:
- '([A-Z0-9a-z]+)'
- '([a-z]+)'
part: body
# digest: 490a0046304402200b287c6b476fd3870e6cf258c72b2432675c9c41ae5c7aa45c6ed5394a8e603e02203172d9ecbd4d9e4a3977c5dca6d01d533177f0f7550f0a3ecb8634263aa7a43d:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2022-06-13