Powertekpdus Basic Pdu Firmware vulnerabilities
2 known vulnerabilities affecting powertekpdus/basic_pdu_firmware.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2022-33174 | P2 | HIGH | CVSS 7.5 | PoC | fixed in 3.30.30 | 2022-06-13
CVE-2022-33174 [HIGH] CWE-863
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an
Source: NVD
CVE-2022-33175 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.30.30 | 2022-06-13
CVE-2022-33175 [CRITICAL] CWE-732
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as th
Source: NVD