CVE-2022-31491

CRITICAL

10.0

Description

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

Details CVE

Score CVSS v3.110.0

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/22/2025

Derniere modification8/25/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-94CWE-749

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05(cve@mitre.org)

https://www.ready2disclose.com/vpow-31491-43110/(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.