Default credentials

2022-06-1318:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.

CPENameOperatorVersion
basic_pdu_firmwarelt3.30.30
piml_pdu_firmwarelt3.30.30
pm_pdu_firmwarelt3.30.30
smart_pim_firmwarelt3.30.30
smart_pom_firmwarelt3.30.30
smart_poms_firmwarelt3.30.30
smart_pos_firmwarelt3.30.30

Name	Operator	Version
basic_pdu_firmware	lt	3.30.30
piml_pdu_firmware	lt	3.30.30
pm_pdu_firmware	lt	3.30.30
smart_pim_firmware	lt	3.30.30
smart_pom_firmware	lt	3.30.30
smart_poms_firmware	lt	3.30.30
smart_pos_firmware	lt	3.30.30

References

gynvael.coldwind.pl/?lang=en&id=748