CVE-2024-32735— CyberPower PowerPanel Enterprise Missing Authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-32735
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CyberPower PowerPanel Enterprise Missing Authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cyber Power Systems PowerPanel Enterprise 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cyber Power Systems PowerPanel Enterprise是Cyber Power Systems公司的一个旨在提供实时 PUE、PUE 趋势和总能源使用趋势的软件。 Cyber Power Systems PowerPanel Enterprise v2.8.3 版本之前存在安全漏洞,该漏洞源于未经身份验证的远程攻击者可以访问 PDNU REST API,这可能会导致应用程序受到损害。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CyberPower | CyberPower PowerPanel Enterprise | 0 ~ 2.8.3 | - |
II. Public POCs for CVE-2024-32735
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-32735.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-32735
请登录查看更多情报信息。
Same Patch Batch · CyberPower · 2024-05-09 · 5 CVEs total
| CVE-2024-32737 | 7.5 HIGH | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32739 | 7.5 HIGH | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32738 | 7.5 HIGH | CyberPower PowerPanel Enterprise SQL Injection |
| CVE-2024-32736 | 7.5 HIGH | CyberPower PowerPanel Enterprise SQL Injection |
IV. Related Vulnerabilities
Same vendor: CyberPower
- CVE-2024-31409
CyberPower PowerPanel business Incorrect Authorization - CVE-2024-31410
CyberPower PowerPanel business Use of Hard-coded Cryptograph - CVE-2024-31856
CyberPower PowerPanel business SQL Injection - CVE-2024-32042
CyberPower PowerPanel business Storing Passwords in a Recove - CVE-2024-32047
CyberPower PowerPanel business Active Debug Code
V. Comments for CVE-2024-32735
No comments yet