Filtered by vendor Upspowercom Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-38122 1 Upspowercom 1 Upsmon Pro 2024-11-21 7.5 High
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.
CVE-2022-38121 1 Upspowercom 1 Upsmon Pro 2024-11-21 6.5 Medium
UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.
CVE-2022-38120 1 Upspowercom 1 Upsmon Pro 2024-11-21 6.5 Medium
UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.
CVE-2022-38119 1 Upspowercom 1 Upsmon Pro 2024-11-21 9.8 Critical
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.