Vulnerabilities > Dataprobe > Iboot Pdu8A 2N20 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-3264 | Use of Hard-coded Credentials vulnerability in multiple products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. | 9.8 |
| 2023-08-14 | CVE-2023-3259 | Deserialization of Untrusted Data vulnerability in Dataprobe products The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. | 9.8 |
| 2023-05-22 | CVE-2022-46738 | Unspecified vulnerability in Dataprobe products The affected product exposes multiple sensitive data fields of the affected product. | 9.8 |
| 2023-05-22 | CVE-2022-46658 | Unspecified vulnerability in Dataprobe products The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | 9.8 |
| 2022-12-21 | CVE-2022-3184 | Path Traversal vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory. | 9.8 |
| 2022-12-21 | CVE-2022-3183 | OS Command Injection vulnerability in Dataprobe products Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. | 9.8 |