CRITICAL🇵🇱 Wersja polska

CVE-2023-3265

CVSS 9.8v3.1pub. 2023-08-14upd. 2024-11-21

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cyberpower Powerpanel Server

    APP
    Cyberpower
    < 2.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-3266CRITICAL9.8ten sam produkt

A non-feature complete authentication mechanism exists in the production application allowing an attacker to b...

CVE-2023-3267CRITICAL9.1ten sam produkt

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the usernam...

CVE-2023-3260HIGH7.2ten sam produkt

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection v...

CVE-2023-3261HIGH7.5ten sam produkt

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerabi...

CVE-2023-3264MEDIUM6.7ten sam produkt

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all ...