Powercom Co Ltd Upsmon Pro vulnerabilities
4 known vulnerabilities affecting powercom_co_ltd/upsmon_pro.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2022-38120 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | PoC | v2.57 | 2022-11-10
UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.
nvd
CVE-2022-38121 | P3 | MEDIUM | CVSS 6.5 | CWE-522 | PoC | v2.57 | 2022-11-10
The UPSMON PRO configuration file stores user passwords in plaintext under a public user directory. A remote attacker with general user privilege can access all users' and administrators' account names and passwords via this unprotected configuration file.
nvd
CVE-2022-38119 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | v2.57 | 2022-11-10
The UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and gain administrator privilege to access or control the system or disrupt service.
nvd
CVE-2022-38122 | P3 | HIGH | CVSS 7.5 | CWE-319 | v2.57 | 2022-11-10
UPSMON PRO transmits sensitive data in cleartext over the HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.
nvd