{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-13T17:04:08.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gynvael.coldwind.pl/?lang=en&id=748"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-33174", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gynvael.coldwind.pl/?lang=en&id=748", "refsource": "MISC", "url": "https://gynvael.coldwind.pl/?lang=en&id=748"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:01:20.163Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gynvael.coldwind.pl/?lang=en&id=748"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33174", "datePublished": "2022-06-13T17:04:08.000Z", "dateReserved": "2022-06-13T00:00:00.000Z", "dateUpdated": "2024-08-03T08:01:20.163Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:basic_pdu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24FD9B82-5D75-491E-9D64-19B673378568", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:basic_pdu:-:*:*:*:*:*:*:*", "matchCriteriaId": "960D65C6-F07C-4B85-8381-E90AE84F1A3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:pm_pdu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8331ED3-08F5-4262-8F10-6ABE8394764D", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:pm_pdu:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA48F31E-2ACD-4E3C-870E-726A38C04EB1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:piml_pdu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5AABA79-C8D8-4C7F-8140-8B95E176CE3D", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:piml_pdu:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BBF300E-47B2-47FF-91C9-B0EA4473C476", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pim_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72E649EC-CCAC-4D52-9917-AF5F98D9A385", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pim:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF6DEFFC-E208-42AA-9A86-9BEC62A95362", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pos_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "89A6F4C3-CA16-4CE4-BBBC-B477A8CF58AC", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pos:-:*:*:*:*:*:*:*", "matchCriteriaId": "733D34C9-2249-4D5B-8CBC-C905B8FD0CF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_pom_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B2899F7-848E-4115-A5CA-E8372538999D", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_pom:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFEFC68A-5C05-4D12-9A53-AAC7E74C164B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:powertekpdus:smart_poms_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A783F76-C41A-4295-B2F6-E9BD9D5AC6B5", "versionEndExcluding": "3.30.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:powertekpdus:smart_poms:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C57A1A7-ED1B-46E5-A708-435FF8105DA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext."}, {"lang": "es", "value": "Las unidades de distribuci\u00f3n de energ\u00eda que son ejecutadas con el firmware de Powertek (varias marcas) versiones anteriores a 3.30.30, permiten omitir la autorizaci\u00f3n remota en la interfaz web. Para explotar la vulnerabilidad, un atacante debe enviar un paquete HTTP a la interfaz de recuperaci\u00f3n de datos (/cgi/get_param.cgi) con la cookie tmpToken configurada con una cadena vac\u00eda seguida de un punto y coma. Esto evita la comprobaci\u00f3n de la autorizaci\u00f3n de la sesi\u00f3n activa. Esto puede ser usado para conseguir los valores de los campos protegidos sys.passwd y sys.su.name que contienen el nombre de usuario y la contrase\u00f1a en texto sin cifrar"}], "id": "CVE-2022-33174", "lastModified": "2024-11-21T07:07:39.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-13T18:15:10.230", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?lang=en&id=748"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?lang=en&id=748"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}