Skip to main content

Powerpanel

18 CVEs product

Monthly

CVE-2024-34025 CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33625 CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32053 CRITICAL Act Now

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32047 CRITICAL Act Now

Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32042 HIGH This Week

The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31856 HIGH This Week

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31410 MEDIUM This Month

The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-31409 HIGH This Week

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32739 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32738 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-32737 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32736 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32735 CRITICAL POC Act Now

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-25133 CRITICAL Act Now

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25132 CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25131 CRITICAL Act Now

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-13071 HIGH POC This Week

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powerpanel
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2019-13070 MEDIUM POC This Month

A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Powerpanel
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Powerpanel
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Powerpanel
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy