11 matches found
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
Default credentials
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33175
Power Distribution Units (Powertek firmware) prior to 3.30.30 are affected. The vulnerability arises from an insecure permissions setting on the user.token field, exposed via the /cgi/get_param.cgi HTTP API, allowing disclosure of active administrator session IDs. This can enable session hijackin...
PT-2022-21723 · Powertek +1 · Powertek +1
Name of the Vulnerable Software and Affected Versions: Power Distribution Units running on Powertek firmware versions prior to 3.30.30 Description: The issue allows remote authorization bypass in the web interface. An attacker can exploit this by sending an HTTP packet to the "cgi/get param.cgi"...
PT-2022-21724 · Unknown +1 · Power Distribution Units +1
Name of the Vulnerable Software and Affected Versions: Power Distribution Units running on Powertek firmware versions prior to 3.30.30 Description: The issue concerns an insecure permissions setting on the user.token field, which is accessible through the "/cgi/get param.cgi" HTTP API endpoint...