CVE-2022-33174 — AI Deep Analysis Summary

🚨 **Essence**: Powertek PDU Web Interface Authorization Bypass. <br>💥 **Consequences**: Attackers bypass login screens to steal **cleartext** usernames & passwords. Critical data leak! 🔑

🛡️ **Root Cause**: Flawed session validation in `/cgi/get_param.cgi`. <br>🔍 **Flaw**: The system accepts an empty `tmpToken` cookie (`;`) to skip auth checks. No proper token verification! ❌

📦 **Affected**: Powertek PDU devices. <br>📉 **Version**: Firmware **before 3.30.30**. <br>⚠️ **Note**: Multiple brands may use this firmware! Check your version. 🏷️

🕵️ **Hackers Can**: Access protected fields `sys.passwd` and `sys.su.name`. <br>🔓 **Result**: Full admin credentials in **plaintext**. No encryption needed! 💀

📊 **Threshold**: **LOW**. <br>🌐 **Auth**: None required (PR:N). <br>📡 **Network**: Remote (AV:N). <br>🎯 **Complexity**: Low (AC:L). Easy to exploit! ⚡

💻 **Public Exp**: **YES**. <br>🔗 **PoC**: Available on GitHub (Henry4E36) & Nuclei Templates. <br>🚀 **Status**: Actively exploitable via HTTP requests. 📡

🔍 **Self-Check**: Send HTTP GET to `/cgi/get_param.cgi`. <br>🍪 **Cookie**: Set `tmpToken=` (empty + semicolon). <br>📥 **Result**: If you get JSON with `sys.passwd`, you're vulnerable! 🚩

🛠️ **Fix**: Upgrade firmware to **v3.30.30 or later**. <br>✅ **Official**: Patch released by Powertek. Update now! 🔄

🚧 **No Patch?**: Block external access to Web UI. <br>🔒 **Mitigation**: Restrict `/cgi/get_param.cgi` via firewall/WAF. <br>👀 **Monitor**: Alert on unauthorized config access. 🛡️

🔥 **Urgency**: **CRITICAL**. <br>📈 **CVSS**: 9.8 (High). <br>⏳ **Action**: Patch immediately! Cleartext creds = instant compromise. 🏃💨