Skip to main content

Iboot Pdu8Sa 2N15 Firmware

13 CVEs product

Monthly

CVE-2023-3264 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Powerpanel Server Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3263 HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4A N20 Firmware +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3262 MEDIUM This Month

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-3261 HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Powerpanel Server Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware +20
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-3260 HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Powerpanel Server Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3259 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3189 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3188 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3187 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3186 HIGH PATCH This Week

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3185 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3184 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2022-3183 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Powerpanel Server +22
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware +20
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Iboot Pdu4A C10 Firmware +21
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Powerpanel Server +22
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Powerpanel Server Iboot Pdu4A C10 Firmware +21
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Iboot Pdu4A C10 Firmware +21
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Iboot Pdu4 N20 Firmware +11
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware +11
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware +10
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware +10
NVD
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Iboot Pdu4 N20 Firmware +11
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy