SNMP Web Pro 1.1 Arbitrary File Deletion
1. ADVISORY INFORMATION
=======================
Product: SNMP Web Pro 1.1
Vendor URL: https://voltronicpower.com/
Type: CWE-22
Date found: 2023-05-12
Date published: 2023-07-20
CVSSv3 Score: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U)

2. CREDITS
==========
This vulnerability was discovered and researched by Ph4nt0mByt3.

3. VERSIONS AFFECTED
====================
SNMP Web Pro 1.1

4. INTRODUCTION
===============
SNMP Web Pro 1.1 is a web interface to control UPS systems.

5. VULNERABILITY DETAILS
========================
The web server allows crafted requests to delete system files.

6. PROOF OF CONCEPT
===================
NOT PUBLIC

7. SOLUTION
===========
Enable HTTP Basic