2 matches found
CVE-2022-33175
Power Distribution Units (Powertek firmware) prior to 3.30.30 are affected. The vulnerability arises from an insecure permissions setting on the user.token field, exposed via the /cgi/get_param.cgi HTTP API, allowing disclosure of active administrator session IDs. This can enable session hijackin...
CVE-2022-33174
Summary: CVE-2022-33174 affects Powertek firmware-based Power Distribution Units prior to 3.30.30. An attacker can bypass active session authorization by sending an HTTP request to /cgi/get_param.cgi with the tmpToken cookie set to an empty string followed by a semicolon, enabling access to prote...