PT-2023-8160 · Voltronic Power · Voltronic Power Viewpower

Esj4Y

Publicado

2023-12-20

Atualizado

2025-07-07

CVE-2023-51572

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Voltronic Power ViewPower Pro (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this issue. The specific flaw exists within the getMacAddressByIP function, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

RCE

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

BDU:2024-00144

CVE-2023-51572

ZDI-23-1878

Produtos afetados

Voltronic Power Viewpower

PT-2023-8160 · Voltronic Power · Voltronic Power Viewpower

CVE-2023-51572

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15