Cyberpower Powerpanel Business

9 CVEs affecting Cyberpower Powerpanel Business. Latest disclosed: 2024-05-15. Critical: 4, High: 3.

Top CVEs affecting Cyberpower Powerpanel Business
CVESeverityScorePublishedSummary
CVE-2024-34025Critical9.82024-05-15CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentica…
CVE-2024-33625Critical9.82024-05-15CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authenti…
CVE-2024-32053Critical9.82024-05-15Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in…
CVE-2024-32047Critical9.82024-05-15Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the…
CVE-2024-33615High8.82024-05-15A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the ser…
CVE-2024-31856High8.82024-05-15An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL…
CVE-2024-31410High7.72024-05-15The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate…
CVE-2024-31409Medium6.52024-05-15Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after…
CVE-2024-32042Medium4.92024-05-15The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.