Eaton · Eaton Intelligent Power Manager · CVE-2020-6652
**Name of the Vulnerable Software and Affected Versions**
Eaton Intelligent Power Manager versions 1.67 and prior
**Description**
The issue allows non-admin users to upload system configuration files by sending specially crafted requests. As a result, a non-admin user can potentially manipulate the system configuration by uploading configuration files with incorrect parameters.
**Recommendations**
For versions 1.67 and prior, consider restricting access to the system configuration upload feature to prevent non-admin users from manipulating system configurations until a patch is available.
As a temporary workaround, limit the ability of non-admin users to send specially crafted requests to the system.
Restrict access to system configuration files to minimize the risk of exploitation.