CyberPower PowerPanel

16 CVEs affecting CyberPower PowerPanel. Latest disclosed: 2024-05-15. Critical: 8, High: 6.

Top CVEs affecting CyberPower PowerPanel
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-34025 | Critical | 9.8 | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentica… |
| CVE-2024-33625 | Critical | 9.8 | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authenti… |
| CVE-2024-32053 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in… |
| CVE-2024-32047 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the… |
| CVE-2024-32735 | Critical | 9.8 | 2024-05-14 | An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker… |
| CVE-2023-25131 | Critical | 9.4 | 2023-04-24 | Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and… |
| CVE-2023-25133 | Critical | 9.1 | 2023-04-24 | Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Managem… |
| CVE-2023-25132 | Critical | 9.1 | 2023-04-24 | Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPane… |
| CVE-2024-31856 | High | 8.8 | 2024-05-15 | An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL… |
| CVE-2024-31410 | High | 7.7 | 2024-05-15 | The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate… |
| CVE-2024-32739 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32738 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32737 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32736 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-31409 | Medium | 6.5 | 2024-05-15 | Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after… |
| CVE-2024-32042 | Medium | 4.9 | 2024-05-15 | The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. |