Smart Pom Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:powertekpdus:smart_pom_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Powertekpdus (b21b6623-94ca-58bb-a37e-8d1cfeeb1be8) |
|---|---|
| Product | Smart Pom Firmware (6eae6bfc-fc9e-5f6a-994b-8ab9944d8e2b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-33175 |
vulnerable | 2026-06-03 14:47:23.706786 |
Details available
CRITICAL (9.8)
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
Published: 2022-06-13T17:03:47.000Z
Updated: 2024-08-03T08:01:20.393Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-33174 |
vulnerable | 2026-06-03 14:47:23.704144 |
Details available
CRITICAL (9.8)
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
Published: 2022-06-13T17:04:08.000Z
Updated: 2024-08-03T08:01:20.163Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.