Strix
26.1K

CVE-2022-33174

HIGHCVSS 7.5/10EPSS 13.43%

Last modified

CVE-2022-33174 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. EPSS estimates a 13.43% chance of exploitation in the next 30 days.

Description

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
13.43%

95.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
PowertekpdusBasic Pdu Firmware< 3.30.30
PowertekpdusPm Pdu Firmware< 3.30.30
PowertekpdusPiml Pdu Firmware< 3.30.30
PowertekpdusSmart Pim Firmware< 3.30.30
PowertekpdusSmart Pos Firmware< 3.30.30
PowertekpdusSmart Pom Firmware< 3.30.30
PowertekpdusSmart Poms Firmware< 3.30.30

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-33174?
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
How severe is CVE-2022-33174?
CVE-2022-33174 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 13.43% probability of exploitation in the next 30 days.
How do I fix CVE-2022-33174?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-33174?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST