Last active
November 26, 2023 20:46
storedxss-snmpwebpro1.1
1. ADVISORY INFORMATION
=======================
Product: SNMP Web Pro 1.1
Vendor URL: https://voltronicpower.com/
Type: CWE-22
Date found: 2023-05-12
Date published: 2023-07-20
CVSSv3 Score: 8.9 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:H/MA:H)

2. CREDITS
==========
This vulnerability was discovered and researched by Ph4nt0mByt3.

3. VERSIONS AFFECTED
====================
SNMP Web Pro 1.1

4. INTRODUCTION
===============
SNMP Web Pro 1.1 is a web interface to control UPS systems.

5. VULNERABILITY DETAILS
========================
The web server allows crafted requests to store JavaScript on the web server.

6. PROOF OF CONCEPT
===================
NOT PUBLIC

7. SOLUTION
===========
Enable HTTP Basic