3 matches found
Eaton UPS 9PX 8000 SP Password Disclosure Vulnerability (CNVD-2019-22860)
The Eaton UPS 9PX 8000 SP is a power management device from Eaton USA. The Eaton UPS 9PX 8000 SP suffers from a password disclosure vulnerability that originates from a web page displayed by the device containing a clear-text password, which can be retrieved by an attacker by browsing the source...
CVE-2018-9279
CVE-2018-9279 affects Eaton UPS 9PX 8000 SP devices. The web UI exposes the user password in cleartext and the password can be retrieved by inspecting the page source. Multiple sources (NVD/NES plugins, CNVD) describe this disclosure vulnerability. The connected documents do not provide a remedia...
CVE-2018-9281
Eaton UPS 9PX 8000 SP product is affected by CVE-2018-9281, which involves a CSRF vulnerability in the change-password functionality that can force a logged-in administrator to silently update the password. The same flaw also enables Reflected Cross-Site Scripting in affected forms, potentially e...