CRITICAL🇵🇱 Wersja polska

CVE-2023-51582

CVSS 9.8v3.0pub. 2024-05-03upd. 2025-07-09

Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LinuxMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22035.

🤖 AI Analysis
How it works

The vulnerability results from exposing a dangerous method in the LinuxMonitorConsole class (CWE-749 — Exposed Dangerous Method or Function). An attacker can remotely invoke this method without providing any credentials. This causes the application to execute arbitrary code in the context of the currently logged-in system user.

Impact

An attacker can remotely execute arbitrary code on the vulnerable installation (RCE), leading to complete system takeover, including breach of confidentiality, integrity, and availability of data.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Additionally, it is recommended to restrict network access to the ViewPower application interface using a firewall to trusted hosts and to monitor activity on the service port.

Who is affected

Voltronic Power ViewPower — versions indicated in the vendor's references (applies to installations on Linux systems with LinuxMonitorConsole component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Voltronicpower Viewpower

    APP
    Voltronicpower
    1.04.21353
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-51576CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację w Voltronic Power ViewPower (port TCP 51099)

CVE-2023-51581CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez odsłoniętą niebezpieczną metodę klasy MacMonitorConsole

CVE-2023-51575CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez niechronioną metodę w klasie MonitorConsole

CVE-2023-51574CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — pominięcie uwierzytelnienia przez exposed dangerous method

CVE-2023-51583CRITICAL9.8PL ✓ten sam produkt

RCE w Voltronic Power ViewPower — odsłonięta niebezpieczna metoda UpsScheduler