16 matches found
Powertek Firmware <3.30.30 - Authorization Bypass
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an...
CVE-2022-33175
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field, which is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an emp...
Powertek PDU Buffer Overflow Vulnerability
Powertek is a company that manufactures data center-grade intelligent PDUs (Power Distribution Units), i.e., heavy-duty power strips for server racks. The Powertek PDUs suffer from a buffer overflow vulnerability that can be exploited by an attacker to cause disclosure of the active session id of t...
CVE-2022-33175
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field, which is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an emp...
CVE-2022-33174
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an emp...
CVE-2022-33175
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field, which is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
Default credentials
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field, which is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Summary: CVE-2022-33174 affects Powertek firmware-based Power Distribution Units prior to 3.30.30. An attacker can bypass active session authorization by sending an HTTP request to /cgi/get_param.cgi with the tmpToken cookie set to an empty string followed by a semicolon, enabling access to prote...
CVE-2022-33174
Power Distribution Units running Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/get_param.cgi with the tmpToken cookie set to an emp...
CVE-2022-33175
Power Distribution Units (Powertek firmware) prior to 3.30.30 are affected. The vulnerability arises from an insecure permissions setting on the user.token field, exposed via the /cgi/get_param.cgi HTTP API, allowing disclosure of active administrator session IDs. This can enable session hijackin...
PT-2022-21723 · Powertek +1 · Powertek +1
Name of the Vulnerable Software and Affected Versions: Power Distribution Units running on Powertek firmware versions prior to 3.30.30. Description: The issue allows remote authorization bypass in the web interface. An attacker can exploit this by sending an HTTP packet to the "cgi/get_param.cgi"...
PT-2022-21724 · Unknown +1 · Power Distribution Units +1
Name of the Vulnerable Software and Affected Versions: Power Distribution Units running on Powertek firmware versions prior to 3.30.30. Description: The issue concerns an insecure permissions setting on the user.token field, which is accessible through the "/cgi/get_param.cgi" HTTP API endpoint...
Powertek PDU Security Vulnerability
Powertek is a company that manufactures data center-grade intelligent PDUs (Power Distribution Units), i.e., heavy-duty power strips for server racks. The Powertek PDUs suffer from a buffer overflow vulnerability that can be exploited by an attacker to cause disclosure of the active session id of t...
Powertek PDU Certification Bypass Vulnerability
Powertek, a company that manufactures data center-grade intelligent PDUs (power distribution units, or heavy-duty power cords for server racks), has an authentication bypass vulnerability that can be exploited by an attacker to bypass active session authorization checks. It can then be used to gain...