CVE-2022-31491 PoC — Voltronic Power多款产品安全漏洞

Source

https://github.com/ready2disclose/CVE-2022-31491

Associated Vulnerability

Title:Voltronic Power多款产品安全漏洞 (CVE-2022-31491)
Description:Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

Description

CVE-2022-31491

Readme

# CVE-2022-31491
Metasploit module and PoC are coming.

[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)

## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly Authenticated and Authorized user using a web interface to configure the system to run a single OS command of the users choosing when the software detects a managed UPS is shutting down. For example stop a batch job or send an alert to another system via a single command.

Due to a related critical underlying function being exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no Authentication or Authorization an attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

File Snapshot


 [4.0K]  /data/pocs/c726876b8c0a062a2c876d2430260e8e98f15c7f
├── [1.0K]  LICENSE
└── [ 782]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-31491 PoC — Voltronic Power多款产品 安全漏洞