Description
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.
Published: 2026-03-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Information Disclosure / Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint. An unauthenticated attacker can supply directory traversal strings in the params parameter to read arbitrary files from the device’s filesystem. By obtaining files containing password hashes, an attacker can later perform offline cracking to gain root-level privilege and fully compromise the device. This weakness is classified as CWE-22.

Affected Systems

The vulnerable product is Voltronic Power SNMP Web Pro, version 1.1. No other versions are listed in the advisory, so only this release is confirmed affected. The vulnerability impacts devices running this firmware and is exploitable by any party that can reach the upload.cgi endpoint over the network.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The EPSS score of less than 1% suggests a low probability of exploitation at scale, and the vulnerability is not currently catalogued in CISA’s KEV list. Exploitation requires only unauthenticated HTTP requests to upload.cgi, making it trivial for an attacker inside the network to read sensitive configuration or credential files and potentially achieve full system compromise.

Generated by OpenCVE AI on April 27, 2026 at 20:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Voltronic Power SNMP Web Pro to the latest version that removes the upload.cgi path traversal vulnerability.
  • If a patch is not yet available, restrict or disable the upload.cgi endpoint using firewall rules or device configuration to block unauthenticated access.
  • After applying a mitigation, perform a path-traversal test against the upload.cgi endpoint to confirm the issue is resolved.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 13:15:00 +0000

Metrics ssvc
  Removed: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
  Added:   {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 19:30:00 +0000


Wed, 22 Apr 2026 19:00:00 +0000

Metrics cvssV3_1
  Removed: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
  Added:   {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 22 Apr 2026 18:30:00 +0000

Description
  Removed: wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.
  Added:   Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.
Title
  Removed: wpDiscuz before 7.6.47 - Vote Manipulation via Nonce Oracle and IP Rotation
  Added:   Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi
Weaknesses
  Added:   CWE-22
References
  (no values listed)
Metrics cvssV4_0
  Removed: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}
  Added:   {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Fri, 13 Mar 2026 16:15:00 +0000

Metrics ssvc
  Added:   {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 10:00:00 +0000

First Time appeared
  Added:   Wordpress; Wordpress wordpress
Vendors & Products
  Added:   Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 02:00:00 +0000

Description
  Added:   wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.
Title
  Added:   wpDiscuz before 7.6.47 - Vote Manipulation via Nonce Oracle and IP Rotation
First Time appeared
  Added:   Gvectors; Gvectors wpdiscuz
Weaknesses
  Added:   CWE-290
CPEs
  Added:   cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Added:   Gvectors; Gvectors wpdiscuz
References
  (no values listed)
Metrics cvssV3_1
  Added:   {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
Metrics cvssV4_0
  Added:   {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Gvectors Wpdiscuz
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-23T13:02:10.267Z

Reserved: 2026-01-06T16:47:17.184Z

Link: CVE-2026-22199

Vulnrichment

Updated: 2026-03-13T16:09:38.366Z

NVD

Status : Modified

Published: 2026-03-13T19:54:09.933

Modified: 2026-04-23T13:16:11.417

Link: CVE-2026-22199

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T20:00:05Z

Weaknesses