关联漏洞
标题:Voltronic Power多款产品 安全漏洞 (CVE-2022-31491)Description:Voltronic Power ViewPower等都是Voltronic Power公司的产品。Voltronic Power ViewPower是一款适用于太阳能逆变器的监控和管理软件。Voltronic Power ViewPower Pro是一款用于监控和管理不间断电源的软件。PowerShield NetGuard等都是新西兰PowerShield公司的产品。PowerShield NetGuard是一款不间断电源管理软件。 Voltronic Power多款产品存在安全漏洞,该漏洞源于未指定W
Description
CVE-2022-31491
介绍
# CVE-2022-31491
Metasploit module and PoC are coming.
[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)
## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly Authenticated and Authorized user using a web interface to configure the system to run a single OS command of the users choosing when the software detects a managed UPS is shutting down. For example stop a batch job or send an alert to another system via a single command.
Due to a related critical underlying function being exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no Authentication or Authorization an attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.
文件快照
[4.0K] /data/pocs/c726876b8c0a062a2c876d2430260e8e98f15c7f
├── [1.0K] LICENSE
└── [ 782] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。