Vulnerabilities > Dataprobe

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2022-4945 Unspecified vulnerability in Dataprobe products
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file.
local
low complexity
dataprobe
6.5
2022-12-21 CVE-2022-3183 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.
network
low complexity
dataprobe
critical
9.8
2022-12-21 CVE-2022-3184 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.
network
low complexity
dataprobe
critical
9.8
2022-12-21 CVE-2022-3185 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.
network
low complexity
dataprobe
5.3
2022-12-21 CVE-2022-3186 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud.
network
low complexity
dataprobe
7.5
2022-12-21 CVE-2022-3187 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database.
network
low complexity
dataprobe
5.3
2022-12-21 CVE-2022-3188 Missing Authentication for Critical Function vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
network
low complexity
dataprobe CWE-306
5.3
2022-12-21 CVE-2022-3189 Unspecified vulnerability in Dataprobe products
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter.
network
low complexity
dataprobe
5.3
2017-04-07 CVE-2007-6760 Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
network
low complexity
dataprobe CWE-287
critical
9.8
2017-04-07 CVE-2007-6759 Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
network
low complexity
dataprobe CWE-287
critical
9.8