CVE-2022-31491 PoC — Voltronic Power多款产品安全漏洞

Source

https://github.com/ready2disclose/CVE-2022-31491

Associated Vulnerability

Title:Voltronic Power多款产品安全漏洞 (CVE-2022-31491)
Description:Voltronic Power ViewPower等都是Voltronic Power公司的产品。Voltronic Power ViewPower是一款适用于太阳能逆变器的监控和管理软件。Voltronic Power ViewPower Pro是一款用于监控和管理不间断电源的软件。PowerShield NetGuard等都是新西兰PowerShield公司的产品。PowerShield NetGuard是一款不间断电源管理软件。 Voltronic Power多款产品存在安全漏洞，该漏洞源于未指定W

Description

CVE-2022-31491

Readme

# CVE-2022-31491
Metasploit module and PoC are coming.

[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)

## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly Authenticated and Authorized user using a web interface to configure the system to run a single OS command of the users choosing when the software detects a managed UPS is shutting down. For example stop a batch job or send an alert to another system via a single command.

Due to a related critical underlying function being exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no Authentication or Authorization an attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

File Snapshot


 [4.0K]  /data/pocs/c726876b8c0a062a2c876d2430260e8e98f15c7f
├── [1.0K]  LICENSE
└── [ 782]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-31491 PoC — Voltronic Power多款产品 安全漏洞