Ph4Nt0Mbyt3

#10730of 53,639
25.7Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2023-31259
6.1
2023-12-12
Voltronic Power · Voltronic Power Snmp Web Pro · CVE-2023-49563
**Name of the Vulnerable Software and Affected Versions** Voltronic Power SNMP Web Pro version 1.1 **Description** The issue allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. This is a Cross Site Scripting (XSS) issue. **Recommendations** For Voltronic Power SNMP Web Pro version 1.1, consider disabling access to the webserver until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-26775
9.8
2023-09-12
Unknown · Snmp Web Pro · CVE-2023-39073
**Name of the Vulnerable Software and Affected Versions** SNMP Web Pro version 1.1 **Description** An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. **Recommendations** For SNMP Web Pro version 1.1, consider disabling the software until a patch is available to prevent remote attackers from executing arbitrary code and obtaining sensitive information. As a temporary workaround, restrict access to the software to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-24259
9.8
2023-07-12
Unknown · Powershield Snmp Web Pro · CVE-2023-33274
**Name of the Vulnerable Software and Affected Versions** PowerShield SNMP Web Pro version 1.1 **Description** The authentication mechanism contains an issue that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This arises from a lack of proper cookie verification and affects all instances without HTTP Digest authentication enabled, regardless of the password used for the web interface. **Recommendations** For PowerShield SNMP Web Pro version 1.1, enable HTTP Digest authentication to mitigate the risk of unauthorized access to CGI scripts. As a temporary workaround, consider restricting access to CGI scripts until a more permanent solution is available.