CVE-2024-33625

CyberPower PowerPanel businessapplication code contains a hard-coded JWT signing key. This couldresult in an attacker forging JWT tokens to bypass authentication.

CVE-2024-32047

Hard-coded credentials for theCyberPower PowerPanel test server can be found in theproduction code. This might result in an attacker gaining access to thetesting or production server.

CVE-2023-25131

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and e...

CVE-2024-32053

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to thedatabase, other services, and the cloud. This could result in anattacker gaining access to services with the privileges of a Powerpanelbusiness application.

CVE-2023-25132

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Busine...

CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authenticationcredentials. This could result in an attacker bypassing authenticationand gaining administrator privileges.

CVE-2023-25133

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote fo...