239 matches found
CVE-2024-31856
CVE-2024-31856 affects CyberPower PowerPanel Business. Affected: PowerPanel business (4.9.0 and prior). Issue: SQL injection vulnerability triggered by processing MQTT messages, enabling an attacker with certain MQTT permissions to inject SQL, write arbitrary files, and potentially execute remote...
CVE-2024-31856 CyberPower PowerPanel business SQL Injection
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code...
CVE-2024-32042
CVE-2024-32042 affects CyberPower PowerPanel Business Edition (PowerPanel business). Root cause: the cryptographic key used to encrypt passwords stored in the database is present in the PowerPanel application code, allowing recovery of those passwords (Storing Passwords in a Recoverable Format). ...
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...
CVE-2024-32047
The CVE concerns CyberPower PowerPanel Business software, where hard-coded credentials for the test server exist in production code. Affects PowerPanel business (versions 4.9.0 and earlier, per CNNVD/ICS notes) and could allow an attacker to bypass authentication and access testing or product...
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server...
CVE-2024-32053 CyberPower PowerPanel business Use of Hard-coded Credentials
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business application...
CVE-2024-32053
CVE-2024-32053 affects CyberPower PowerPanel Business Platform, where hard-coded credentials are used for authentication to the database, other services, and the cloud. The result is potential attacker access with PowerPanel business application privileges. Mitigation in the Connected documents: ...
CVE-2024-33615
CVE-2024-33615 affects CyberPower PowerPanel Business (PowerPanel business) up to version 4.9.0. A specially crafted ZIP containing path traversal characters can be imported to the server, enabling writing files outside the intended scope and potentially remote code execution. Remediation: CyberP...
CVE-2024-33615 CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution...
CVE-2024-33625 CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication...
CVE-2024-34025 CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...
CVE-2024-34025
CVE-2024-34025 affects CyberPower PowerPanel Business software. The vulnerability stems from a hard-coded set of authentication credentials in the PowerPanel business application code, which could allow an attacker to bypass authentication and gain administrator privileges (CVSS v3.1 base 9.8). A...
PT-2024-25384 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel business application (affected versions not specified). Description: The issue concerns a hard-coded JWT signing key in the application code, which could allow an attacker to forge JWT tokens and bypass authentication...
Cyber Power Systems PowerPanel Business Edition SQL Injection Vulnerability
Cyber Power Systems PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures, and monitors and manages CyberPower UPS systems and network-connected PDUs (Power Distribution Units). ...