
32 matches found

Nuclei
added yesterday | 62 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

CVSS 9.8 | AI score 7.1 | EPSS 0.13425
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/09 11:19 a.m. | 4 views

CVE-2021-22810

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...

CVSS 6.1 | AI score 6.6 | EPSS 0.00749
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:44 a.m. | 21 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

CVSS 9.8 | AI score 6.9 | EPSS 0.01696
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-36219

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.01696
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-9949

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00745
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 10:11 p.m. | 8 views

CVE-2022-33174

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

CVSS 9.8 | AI score 7 | EPSS 0.13425
Exploits: 1 | References: 1
CNNVD
added 2024/05/15 12:0 a.m. | 5 views

Cyber Power Systems PowerPanel Business Edition Security Vulnerability

Cyber Power Systems PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures, and monitors and manages CyberPower UPS systems and network-connected PDUs (Power Distribution Units). ...

CVSS 9.8 | AI score 6.5 | EPSS 0.00474
Exploits: 0 | References: 3
hivepro
added 2023/08/23 1:19 p.m. | 20 views

Data Center Vulnerabilities a Ticking Time Bomb for Cloud Services

Threat Level Vulnerability Report. Summary: Several flaws in critical data center infrastructure management systems and power distribution units pose a significant risk to cloud-based services. CyberPower's PowerPanel Enterprise has four...

AI score 6.8
Exploits: 0
CNNVD
added 2023/04/24 12:0 a.m. | 4 views

CyberPower PowerPanel Business Edition Security Vulnerability

Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...

CVSS 9.8 | AI score 8.3 | EPSS 0.01034
Exploits: 0 | References: 6
NVD
added 2022/06/13 6:15 p.m. | 41 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

CVSS 9.8 | EPSS 0.01696
Exploits: 1 | References: 1
ATTACKERKB
added 2022/06/13 6:15 p.m. | 2 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

CVSS 9.8 | AI score 5.8 | EPSS 0.01696
Exploits: 1 | References: 2
OSV
added 2022/06/13 6:15 p.m. | 3 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

CVSS 9.8 | AI score 7.2 | EPSS 0.01696
Exploits: 1 | References: 1
OSV
added 2022/06/13 6:15 p.m. | 3 views

CVE-2022-33174

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

CVSS 7.5 | AI score 5.8 | EPSS 0.13425
Exploits: 1 | References: 1
NVD
added 2022/06/13 6:15 p.m. | 23 views

CVE-2022-33174

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

CVSS 9.8 | EPSS 0.13425
Exploits: 1 | References: 1
Prion
added 2022/06/13 6:15 p.m. | 20 views

Authorization

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

CVSS 5 | AI score 7.6 | EPSS 0.13425
Exploits: 1 | References: 1 | Affected Software: 7
Cvelist
added 2022/06/13 5:4 p.m. | 28 views

CVE-2022-33174

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

CVSS 9.8 | AI score 9.7 | EPSS 0.13425
Exploits: 1 | References: 1
CVE
added 2022/06/13 5:4 p.m. | 110 views

CVE-2022-33174

Summary: CVE-2022-33174 affects Powertek firmware-based Power Distribution Units prior to 3.30.30. An attacker can bypass active session authorization by sending an HTTP request to /cgi/get_param.cgi with the tmpToken cookie set to an empty string followed by a semicolon, enabling access to prote...

CVSS 9.8 | AI score 7.6 | EPSS 0.13425
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/06/13 5:3 p.m. | 37 views

CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

CVSS 9.8 | AI score 9.6 | EPSS 0.01696
Exploits: 1 | References: 1
CVE
added 2022/06/13 5:3 p.m. | 383 views

CVE-2022-33175

Power Distribution Units (Powertek firmware) prior to 3.30.30 are affected. The vulnerability arises from an insecure permissions setting on the user.token field, exposed via the /cgi/get_param.cgi HTTP API, allowing disclosure of active administrator session IDs. This can enable session hijackin...

CVSS 9.8 | AI score 9.3 | EPSS 0.01696
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2022/06/13 12:0 a.m. | 27 views

Powertek PDU Certification Bypass Vulnerability

Powertek, a company that manufactures data center-grade intelligent PDUs (power distribution units, or heavy-duty power cords for server racks), has an authentication bypass vulnerability that can be exploited by an attacker to bypass active session authorization checks. It can then be used to gain...

CVSS 9.8 | AI score 4.6 | EPSS 0.13425
Exploits: 1 | References: 1