CVE-2022-33175
Last modified
CVE-2022-33175 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Powertekpdus | Basic Pdu Firmware | < 3.30.30 |
| Powertekpdus | Pm Pdu Firmware | < 3.30.30 |
| Powertekpdus | Piml Pdu Firmware | < 3.30.30 |
| Powertekpdus | Smart Pim Firmware | < 3.30.30 |
| Powertekpdus | Smart Pos Firmware | < 3.30.30 |
| Powertekpdus | Smart Pom Firmware | < 3.30.30 |
| Powertekpdus | Smart Poms Firmware | < 3.30.30 |
References
- https://gynvael.coldwind.pl/?lang=en&id=748 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
