CVE-2022-31491

CRITICAL

10.0

Descricao

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

Detalhes CVE

Pontuacao CVSS v3.110.0

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado8/22/2025

Ultima modificacao8/25/2025

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-94CWE-749

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05(cve@mitre.org)

https://www.ready2disclose.com/vpow-31491-43110/(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.