Powerpanel Security Vulnerabilities and Issues — Powerpanel CVE List

Lucene search

CyberpowerPowerpanel

11 matches found

CVE•added 2024/05/15 8:15 p.m.•77 views

CVE-2024-33625

CyberPower PowerPanel businessapplication code contains a hard-coded JWT signing key. This couldresult in an attacker forging JWT tokens to bypass authentication.

9.8CVSS6.8AI score0.00026EPSS

CVE•added 2024/05/15 8:15 p.m.•42 views

CVE-2024-31409

Certain MQTT wildcards are not blocked on theCyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.

7.5CVSS6.7AI score0.00142EPSS

CVE•added 2024/05/15 8:15 p.m.•41 views

CVE-2024-32047

Hard-coded credentials for theCyberPower PowerPanel test server can be found in theproduction code. This might result in an attacker gaining access to thetesting or production server.

9.8CVSS6.7AI score0.00155EPSS

CVE•added 2024/05/15 8:15 p.m.•40 views

CVE-2024-31410

The devices which CyberPower PowerPanel manages use identical certificates based on ahard-coded cryptographic key. This can allow an attacker to impersonateany client in the system and send malicious data.

7.7CVSS6.8AI score0.00119EPSS

CVE•added 2024/05/15 8:15 p.m.•39 views

CVE-2024-31856

An attacker with certain MQTT permissions can create malicious messagesto all CyberPower PowerPanel devices. This could result in an attacker injectingSQL syntax, writing arbitrary files to the system, and executing remotecode.

8.8CVSS6.9AI score0.00189EPSS

CVE•added 2023/04/24 10:15 a.m.•37 views

CVE-2023-25131

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and e...

9.8CVSS9.7AI score0.00345EPSS

CVE•added 2024/05/15 8:15 p.m.•35 views

CVE-2024-32053

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to thedatabase, other services, and the cloud. This could result in anattacker gaining access to services with the privileges of a Powerpanelbusiness application.

9.8CVSS6.7AI score0.00151EPSS

CVE•added 2023/04/24 10:15 a.m.•33 views

CVE-2023-25132

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Busine...

9.8CVSS9.7AI score0.0024EPSS

CVE•added 2024/05/15 8:15 p.m.•32 views

CVE-2024-32042

The key used to encrypt passwords stored in the database can be found intheCyberPower PowerPanel application code, allowing the passwords to be recovered.

7.5CVSS6.5AI score0.00129EPSS

CVE•added 2024/05/15 8:15 p.m.•31 views

CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authenticationcredentials. This could result in an attacker bypassing authenticationand gaining administrator privileges.

9.8CVSS7.1AI score0.00021EPSS

CVE•added 2023/04/24 11:15 a.m.•30 views

CVE-2023-25133

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote fo...

9.8CVSS9.7AI score0.00233EPSS