Vulnerabilities > CVE-2022-33174 - Incorrect Authorization vulnerability in Powertekpdus products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

powertekpdus

CWE-863

NVD

Published: 2022-06-13

Updated: 2022-06-27

Summary

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.

Vulnerable Configurations

Part	Description	Count
OS	Powertekpdus Powertekpdus Basic PDU Firmware * Powertekpdus PM PDU Firmware * Powertekpdus Piml PDU Firmware * Powertekpdus Smart PIM Firmware * Powertekpdus Smart POS Firmware * Powertekpdus Smart POM Firmware * Powertekpdus Smart Poms Firmware *	7
Hardware	Powertekpdus Powertekpdus Basic PDU - Powertekpdus PM PDU - Powertekpdus Piml PDU - Powertekpdus Smart PIM - Powertekpdus Smart POS - Powertekpdus Smart POM - Powertekpdus Smart Poms -	7

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://gynvael.coldwind.pl/?lang=en&id=748