CVE-2018-9280

Name of the Vulnerable Software and Affected Versions Eaton UPS 9PX 8000 SP devices (affected versions not specified)

Description An issue was discovered where the appliance discloses the SNMP version 3 user's password. The password is displayed in cleartext on the web page and can also be retrieved by browsing the source code of the webpage. This affects the passwords of both the read and write users.

Recommendations For Eaton UPS 9PX 8000 SP devices, as a temporary workaround, consider restricting access to the web interface until a fix is available. Avoid using the SNMP version 3 feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.