PT-2022-10017 · Viewpower · Upsmonitor
Pedro Sousa Rodrigues +1 · Published 2022-08-16 · Updated 2022-08-17 · CVE-2021-30490
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
upsMonitor in ViewPower (aka ViewPowerHTML) versions 1.04-21012 through 1.04-21353
Description
The issue is related to insecure permissions for the service binary, allowing an authenticated user to modify files and enabling privilege escalation.
Recommendations
For versions 1.04-21012 through 1.04-21353, consider restricting access to the service binary to prevent modification by authenticated users until a patch is available.
As a temporary workaround, limit the privileges of the authenticated users to minimize the risk of exploitation.
Weakness Enumeration
Incorrect Default Permissions
Related Identifiers
Affected Products
Upsmonitor