CVE-2023-51587— Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-51587
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getModbusPassword method. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22073.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Voltronic Power ViewPower 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Voltronic Power ViewPower是Voltronic Power公司的一款适用于太阳能逆变器的监控和管理软件。 Voltronic Power ViewPower 存在安全漏洞,该漏洞源于 getModbusPassword 方法中存在特定缺陷,允许攻击者泄露敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Voltronic Power | ViewPower | 1.04.21353 | - |
II. Public POCs for CVE-2023-51587
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-51587
请登录查看更多情报信息。
Same Patch Batch · Voltronic Power · 2024-05-03 · 18 CVEs total
| CVE-2023-51593 | Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerab | |
| CVE-2023-51581 | Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution | |
| CVE-2023-51585 | Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulne | |
| CVE-2023-51590 | Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution | |
| CVE-2023-51591 | Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclo | |
| CVE-2023-51578 | Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulner | |
| CVE-2023-51584 | Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Executio | |
| CVE-2023-51582 | Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Executi | |
| CVE-2023-51576 | Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerab | |
| CVE-2023-51586 | Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulner | |
| CVE-2023-51574 | Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication By | |
| CVE-2023-51575 | Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vu | |
| CVE-2023-51595 | Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulne | |
| CVE-2023-51583 | Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vuln | |
| CVE-2023-51588 | Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalati | |
| CVE-2023-51577 | Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation | |
| CVE-2023-51579 | Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulne |
IV. Related Vulnerabilities
Same product: ViewPower
- CVE-2023-51585
Voltronic Power ViewPower USBCommEx shutdown Command Injecti - CVE-2023-51584
Voltronic Power ViewPower USBCommEx shutdown Exposed Dangero - CVE-2023-51583
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Met - CVE-2023-51582
Voltronic Power ViewPower LinuxMonitorConsole Exposed Danger - CVE-2023-51581
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerou
Same vendor: Voltronic Power
- CVE-2026-22199
Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.c - CVE-2026-22192
Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via l - CVE-2023-51595
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injecti - CVE-2023-51593
Voltronic Power ViewPower Pro Expression Language Injection - CVE-2023-51591
Voltronic Power ViewPower Pro doDocument XML External Entity
Same weakness: CWE-306
- CVE-2021-47940
WordPress Download From Files 1.48 Arbitrary File Upload - CVE-2021-47936
OpenCATS 0.9.4 Remote Code Execution via Resume Upload - CVE-2021-47933
WordPress MStore API 2.0.6 Arbitrary File Upload - CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod
V. Comments for CVE-2023-51587
No comments yet