CVE-2023-3260

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system...

CVE-2023-3259

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the...

CVE-2023-3259

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the...

CVE-2023-3259

The CVE-2023-3259 issue affects Dataprobe iBoot PDU firmware ≤ 1.43.03312023, where Deserialization of Untrusted Data allows authentication bypass via the iBootPduSiteAuth cookie, enabling an attacker to perform admin-level actions (e.g., power control, user management, data exposure). Public det...

Dataprobe OS Command Injection Vulnerability

Dataprobe is a series of intelligent power switch and management products from Dataprobe, Inc. in the United States. Dataprobe iBoot PDU 1.43.03312023 and earlier versions suffer from an operating system command injection vulnerability that stems from an attack that is prone to command injection...

Dataprobe Trust Management Issue Vulnerability

Dataprobe is a family of intelligent power switching and management products from Dataprobe, Inc. in the United States. Dataprobe iBoot PDU 1.43.03312023 and prior versions suffer from a Trust Management Issue vulnerability that stems from vulnerability to authentication bypass attacks in the RES...

Dataprobe OS Command Injection Vulnerability

Dataprobe is a family of intelligent power switches and management products from Dataprobe, Inc. in the United States. An operating system command injection vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from a buffer overflow contained in the...

Dataprobe Trust Management Issue Vulnerability

Dataprobe is a line of intelligent power switches and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from the use of hard-coded credentials to interact with the internal...

Dataprobe Code Issue Vulnerability

Dataprobe is a line of intelligent power switches and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and earlier versions. The vulnerability stems from the presence of deserialization of untrusted data in...

Dataprobe Authorization Issues Vulnerability

Dataprobe is a family of intelligent power switch and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from vulnerability to authentication bypass attacks in the REST API, an...

PT-2023-23903 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU versions 1.43.03312023 or earlier Description: The issue concerns command injection via the user-name URL parameter. An authenticated malicious agent can exploit this to execute arbitrary commands on the underlying Linux...

PT-2023-23928 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier Description: The issue concerns the use of hard-coded credentials for interactions with the internal Postgres database and an authentication bypass vulnerability in the REST API due to the...

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management DCIM platform and Dataprobe's iBoot Power Distribution Unit PDU could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in...

PT-2023-23894 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier Description: The issue allows a malicious agent to bypass authentication by manipulating the IP address field in the iBootPduSiteAuth cookie, directing the device to connect to a rogue...

CVE-2022-4945

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...

CVE-2022-4945

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...

Design/Logic Flaw

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...

CVE-2022-4945

Dataprobe iBoot-PDU FW prior to 1.43.03312023 stores cloud usernames and passwords in plaintext in a specific file. An attacker who can read that file could compromise other devices linked to the user’s cloud. Affected product: iBoot-PDU (Dataprobe). Root cause: plaintext credential storage. Impa...

CVE-2022-4945 CVE-2022-4945

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...

CVE-2022-4945 CVE-2022-4945

The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...