CVE-2022-31491 PoC — Voltronic Power Multiple Products Security Vulnerability

Source
Associated Vulnerability
Title: Voltronic Power Multiple Products Security Vulnerability (CVE-2022-31491)
Description: Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allow a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.
Description
CVE-2022-31491
Readme
# CVE-2022-31491
Metasploit module and PoC are coming.

[Further Information](https://www.ready2disclose.com/vpow-31491-43110/)

## Voltronic Viewpower/Pro and rebrands/derivatives
The UPS management software normally allows a properly authenticated and authorized user, working through a web interface, to configure the system to run a single OS command of the user's choosing when the software detects that a managed UPS is shutting down. For example, the command might stop a batch job or send an alert to another system.

Because a related critical underlying function is exposed over the network (CWE-749: Exposed Unsafe Active Functionality) with no authentication or authorization, an attacker can use it to run arbitrary code immediately, regardless of any managed UPS state or presence.
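
An added example, not part of the original README or the vendor's software: a Python inventory check against the affected version ranges quoted in the CVE description above. It assumes version strings have the form `major.minor-build` and order as integer tuples; the inventory rows and host names are constructed sample data, and unlisted product names (rebrands or derivatives) are flagged for manual review instead of being reported as outside the range.

```python
import re

# Affected ranges exactly as given in the CVE description on this page.
# inclusive=True models "through X"; inclusive=False models "before X".
AFFECTED = {
    "ViewPower": ((1, 4, 24215), True),
    "ViewPower Pro": ((2, 0, 22165), True),
    "PowerShield Netguard": ((1, 4, 23292), False),
}

# Assumption: versions look like "1.04-24215" and sort as (major, minor, build).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\s*$")

def parse_version(text):
    """Turn 'major.minor-build' into a tuple of ints, e.g. (1, 4, 24215)."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def is_affected(product, version):
    """True if `version` of `product` is inside the range listed in the CVE."""
    bound, inclusive = AFFECTED[product]  # KeyError for unlisted product names
    parsed = parse_version(version)
    return parsed <= bound if inclusive else parsed < bound

def audit(inventory):
    """Classify (host, product, version) rows: AFFECTED, OUTSIDE_RANGE, REVIEW."""
    report = []
    for host, product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "OUTSIDE_RANGE"
        except (KeyError, ValueError):
            # Rebranded builds or odd version strings: never assume they are safe.
            status = "REVIEW"
        report.append((host, product, version, status))
    return report

# Constructed sample inventory (hosts and installed versions are made up).
SAMPLE_INVENTORY = [
    ("ups-mgmt-01.example.internal", "ViewPower", "1.04-24215"),
    ("ups-mgmt-02.example.internal", "PowerShield Netguard", "1.04-23292"),
    ("ups-mgmt-03.example.internal", "ViewPower Pro", "2.0-21000"),
    ("ups-mgmt-04.example.internal", "RebrandedUPS Manager", "3.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:30} {:22} {:12} {}".format(*row))
```
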