CVE-2024-31410

The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data...

VulnCheck KEV: CVE-2024-32738

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptasklean" function within MCUDBHelper...

VulnCheck KEV: CVE-2024-32736

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryutaskverbose" function within MCUDBHelper...

VulnCheck KEV: CVE-2024-32739

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptaskverbose" function within MCUDBHelper...

VulnCheck KEV: CVE-2024-32737

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "querycontractresult" function within MCUDBHelper...

VulnCheck KEV: CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

CyberPower PowerPanel Business Restart DoS (CVE-2024-11322)

Binary data cyberpowerppbcve-2024-11322.nbin...

CVE-2024-11322

A denial-of-service vulnerability exists in CyberPower PowerPanel Business PPB 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it...

CVE-2024-11322 CyberPower PowerPanel Business Unauthenticated Restart DoS

A denial-of-service vulnerability exists in CyberPower PowerPanel Business PPB 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it...

CVE-2024-11322 CyberPower PowerPanel Business Unauthenticated Restart DoS

A denial-of-service vulnerability exists in CyberPower PowerPanel Business PPB 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it...

CVE-2024-11322

CyberPower PowerPanel Business (PPB) 4.11.0 has an unauthenticated DoS that allows a remote attacker to restart the ppbd.exe process via the PowerPanel Business Service Watchdog on TCP port 2003, rendering the service unavailable. The root cause is an authorization/restart capability within the w...

CyberPower PowerPanel Business 授权问题漏洞

CyberPower PowerPanel Business CyberPower PPB is a state-of-the-art power management software from CyberPower, Inc. designed to monitor and manage CyberPower UPS systems and networked ATS/PDUs. CyberPower PowerPanel Business version 4.11.0 suffers from an authorization issue vulnerability that...

PT-2025-1636 · Cyberpower · Cyberpower Powerpanel Business

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Business version 4.11.0 Description: A denial-of-service issue exists, allowing an unauthenticated remote attacker to restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP por...

The vulnerability of the query_ptask_lean function in the MCUDBHelper component of the PowerPanel Enterprise monitoring and power source management system allows a perpetrator to disclose protected information.

The vulnerability of the queryptasklean function in the MCUDBHelper component of the PowerPanel Enterprise monitoring and power source management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to disclose...

The vulnerability of the query_contract_result function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and control system allows a perpetrator to disclose protected information.

The vulnerability of the querycontractresult function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow...

The vulnerability of the query_utask_verbose function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system allows a perpetrator to disclose protected information.

The vulnerability of the queryutaskverbose function in the MCUDBHelper component of the PowerPanel Enterprise monitoring and power management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to disclose sensitive...

The vulnerability of the corporate version of the PowerPanel Enterprise monitoring and power source management system lies in the lack of authentication for critical functions, allowing attackers to gain unauthorized access to the application.

The vulnerability of the corporate version of the PowerPanel Enterprise monitoring and power source management system is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...

CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...

CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...

CVE-2024-33625

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication...