目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%

CVE-2022-31491 PoC — Voltronic Power多款产品 安全漏洞

来源
关联漏洞
标题:Voltronic Power多款产品 安全漏洞 (CVE-2022-31491)
Description:Voltronic Power ViewPower等都是Voltronic Power公司的产品。Voltronic Power ViewPower是一款适用于太阳能逆变器的监控和管理软件。Voltronic Power ViewPower Pro是一款用于监控和管理不间断电源的软件。PowerShield NetGuard等都是新西兰PowerShield公司的产品。PowerShield NetGuard是一款不间断电源管理软件。 Voltronic Power多款产品存在安全漏洞,该漏洞源于未指定W
Description
CVE-2022-31491
介绍
# CVE-2022-31491
Metasploit module and PoC are coming.

[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)

## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly Authenticated and Authorized user using a web interface to configure the system to run a single OS command of the users choosing when the software detects a managed UPS is shutting down. For example stop a batch job or send an alert to another system via a single command.

Due to a related critical underlying function being exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no Authentication or Authorization an attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.
文件快照

[4.0K] /data/pocs/c726876b8c0a062a2c876d2430260e8e98f15c7f ├── [1.0K] LICENSE └── [ 782] README.md 0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。