Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Powertek PDU 安全漏洞
Vulnerability Description
Powertek PDU是Powertek公司的高质量定制机架配电单元。 Powertek PDU 3.30.30之前版本存在安全漏洞,该漏洞源于配电单元在 user.token 字段上具有不安全的权限设置,攻击者利用该漏洞可以读取明文密码或重新配置设备。
CVSS Information
N/A
Vulnerability Type
N/A