CVE-2024-31409

Name of the Vulnerable Software and Affected Versions CyberPower PowerPanel (affected versions not specified)

Description The issue is related to the CyberPower PowerPanel system, where certain MQTT wildcards are not blocked, potentially allowing an attacker to obtain data from throughout the system after gaining access to any device. The vulnerability is associated with deficiencies in the authorization procedure due to the lack of blocking of wildcards. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.