Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cyberpower powerpanel server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an malicious user to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenti...
Cyberpower Powerpanel Server
9.8
CVSSv3
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to...
Cyberpower Powerpanel Server
Dataprobe Iboot-pdu4a-c10 Firmware
Dataprobe Iboot-pdu4a-c20 Firmware
Dataprobe Iboot-pdu4a-n15 Firmware
Dataprobe Iboot-pdu4a-n20 Firmware
Dataprobe Iboot-pdu4-c20 Firmware
Dataprobe Iboot-pdu4-n20 Firmware
Dataprobe Iboot-pdu4sa-c10 Firmware
Dataprobe Iboot-pdu4sa-c20 Firmware
Dataprobe Iboot-pdu4sa-n15 Firmware
Dataprobe Iboot-pdu4sa-n20 Firmware
Dataprobe Iboot-pdu8a-2c10 Firmware
Dataprobe Iboot-pdu8a-2c20 Firmware
Dataprobe Iboot-pdu8a-2n15 Firmware
Dataprobe Iboot-pdu8a-2n20 Firmware
Dataprobe Iboot-pdu8a-c10 Firmware
Dataprobe Iboot-pdu8a-c20 Firmware
Dataprobe Iboot-pdu8a-n15 Firmware
Dataprobe Iboot-pdu8a-n20 Firmware
Dataprobe Iboot-pdu8sa-2n15 Firmware
Dataprobe Iboot-pdu8sa-c10 Firmware
Dataprobe Iboot-pdu8sa-n15 Firmware
9.8
CVSSv3
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing an malicious user to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPan...
Cyberpower Powerpanel Server
9.8
CVSSv3
CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and previous versions, PowerPanel Business Management for Windows v4.8.6 and previous versions, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and previous versions, PowerPanel B...
Cyberpower Powerpanel
8.8
CVSSv3
CVE-2023-3267
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitra...
Cyberpower Powerpanel Server
8.8
CVSSv3
CVE-2023-3260
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.
Cyberpower Powerpanel Server
Dataprobe Iboot-pdu4a-c10 Firmware
Dataprobe Iboot-pdu4a-c20 Firmware
Dataprobe Iboot-pdu4a-n15 Firmware
Dataprobe Iboot-pdu4a-n20 Firmware
Dataprobe Iboot-pdu4-c20 Firmware
Dataprobe Iboot-pdu4-n20 Firmware
Dataprobe Iboot-pdu4sa-c10 Firmware
Dataprobe Iboot-pdu4sa-c20 Firmware
Dataprobe Iboot-pdu4sa-n15 Firmware
Dataprobe Iboot-pdu4sa-n20 Firmware
Dataprobe Iboot-pdu8a-2c10 Firmware
Dataprobe Iboot-pdu8a-2c20 Firmware
Dataprobe Iboot-pdu8a-2n15 Firmware
Dataprobe Iboot-pdu8a-2n20 Firmware
Dataprobe Iboot-pdu8a-c10 Firmware
Dataprobe Iboot-pdu8a-c20 Firmware
Dataprobe Iboot-pdu8a-n15 Firmware
Dataprobe Iboot-pdu8a-n20 Firmware
Dataprobe Iboot-pdu8sa-2n15 Firmware
Dataprobe Iboot-pdu8sa-c10 Firmware
Dataprobe Iboot-pdu8sa-n15 Firmware
7.2
CVSSv3
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted ...
Cyberpower Powerpanel Server
Dataprobe Iboot-pdu4a-c10 Firmware
Dataprobe Iboot-pdu4a-c20 Firmware
Dataprobe Iboot-pdu4a-n15 Firmware
Dataprobe Iboot-pdu4a-n20 Firmware
Dataprobe Iboot-pdu4-c20 Firmware
Dataprobe Iboot-pdu4-n20 Firmware
Dataprobe Iboot-pdu4sa-c10 Firmware
Dataprobe Iboot-pdu4sa-c20 Firmware
Dataprobe Iboot-pdu4sa-n15 Firmware
Dataprobe Iboot-pdu4sa-n20 Firmware
Dataprobe Iboot-pdu8a-2c10 Firmware
Dataprobe Iboot-pdu8a-2c20 Firmware
Dataprobe Iboot-pdu8a-2n15 Firmware
Dataprobe Iboot-pdu8a-2n20 Firmware
Dataprobe Iboot-pdu8a-c10 Firmware
Dataprobe Iboot-pdu8a-c20 Firmware
Dataprobe Iboot-pdu8a-n15 Firmware
Dataprobe Iboot-pdu8a-n20 Firmware
Dataprobe Iboot-pdu8sa-2n15 Firmware
Dataprobe Iboot-pdu8sa-c10 Firmware
Dataprobe Iboot-pdu8sa-n15 Firmware
NA
CVE-2024-33615
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an malicious user to achieve remote code execution.
NA
CVE-2024-32047
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started