POC详情: c726876b8c0a062a2c876d2430260e8e98f15c7f

来源
https://github.com/ready2disclose/CVE-2022-31491
关联漏洞

疑似Oday

描述
CVE-2022-31491
介绍
# CVE-2022-31491
Metasploit module and PoC are coming.

[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)

## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly Authenticated and Authorized user using a web interface to configure the system to run a single OS command of the users choosing when the software detects a managed UPS is shutting down. For example stop a batch job or send an alert to another system via a single command.

Due to a related critical underlying function being exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no Authentication or Authorization an attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.
文件快照

 [4.0K]  /data/pocs/c726876b8c0a062a2c876d2430260e8e98f15c7f
├── [1.0K]  LICENSE
└── [ 782]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。