Lucene search
K
UpspowercomUpsmon Pro

4 matches found

CVE
CVE
added 2022/11/10 2:20 a.m.92 views

CVE-2022-38120

Public documents confirm CVE-2022-38120 is a path-traversal vulnerability in POWERCOM UPSMON PRO that allows a remote attacker with general user privileges to read arbitrary system files and bypass authentication. Metasploit/auxiliary module upsmon_traversal exploits this path traversal to retrie...

6.5CVSS6.7AI score0.05575EPSS
CVE
CVE
added 2022/11/10 2:20 a.m.78 views

CVE-2022-38121

CVE-2022-38121 affects POWERCOM UPSMON PRO. A vulnerability in the UPSMON PRO configuration file stores user passwords in plaintext under a public user directory, enabling a remote attacker with general user privileges to read credentials. The confirmed impact is exposure of usernames and passwor...

6.5CVSS6.6AI score0.0338EPSS
CVE
CVE
added 2022/11/10 2:20 a.m.49 views

CVE-2022-38119

CVE-2022-38119 affects Powercom UPSMON PRO (v2.57 referenced by CNNVD) where the login function has insufficient authentication. An unauthenticated remote attacker can bypass login and obtain administrator privileges to access, control the system, or disrupt services. Multiple sources (NVD/NVV, C...

9.8CVSS9.9AI score0.01034EPSS
CVE
CVE
added 2022/11/10 2:20 a.m.45 views

CVE-2022-38122

The CVE-2022-38122 issue affects UPSMON PRO (Powercom) and is caused by transmitting sensitive data in cleartext over HTTP. The vulnerability can be exploited by an unauthenticated remote attacker to access sensitive information. Public references describe this risk and assign a high severity (CV...

7.5CVSS7.5AI score0.00507EPSS