CyberPower PowerPanel
16 CVEs affecting CyberPower PowerPanel. Latest disclosed: 2024-05-15. Critical: 8, High: 6.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-34025 | Critical | 9.8 | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentica… |
| CVE-2024-33625 | Critical | 9.8 | 2024-05-15 | CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authenti… |
| CVE-2024-32053 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in… |
| CVE-2024-32047 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the… |
| CVE-2024-32735 | Critical | 9.8 | 2024-05-14 | An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker… |
| CVE-2023-25131 | Critical | 9.4 | 2023-04-24 | Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and… |
| CVE-2023-25133 | Critical | 9.1 | 2023-04-24 | Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Managem… |
| CVE-2023-25132 | Critical | 9.1 | 2023-04-24 | Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPane… |
| CVE-2024-31856 | High | 8.8 | 2024-05-15 | An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL… |
| CVE-2024-31410 | High | 7.7 | 2024-05-15 | The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate… |
| CVE-2024-32739 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32738 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32737 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-32736 | High | 7.5 | 2024-05-14 | A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via… |
| CVE-2024-31409 | Medium | 6.5 | 2024-05-15 | Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after… |
| CVE-2024-32042 | Medium | 4.9 | 2024-05-15 | The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. |