N/A

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently.

N/A

N/A

Eaton UPS 9PX 8000 SP 跨站请求伪造漏洞

Eaton UPS 9PX 8000 SP是美国Eaton公司的一款电源管理设备。 Eaton UPS 9PX 8000 SP中的change-password功能存在跨站请求伪造漏洞。远程攻击者可利用该漏洞迫使登录设备的管理员在不知情的情况下执行更新密码。

N/A

N/A