Every CVE whose affected-product data names Cyberpower Powerpanel, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2024-34025 — CVSS 9.8 (critical): CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker…
CVE-2024-32047 — CVSS 9.8 (critical): Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker…
CVE-2024-32053 — CVSS 9.8 (critical): Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This…
CVE-2024-32735 — CVSS 9.8 (critical): An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An…
CVE-2024-33625 — CVSS 9.8 (critical): CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens…
CVE-2023-25131 — CVSS 9.4 (critical): Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management…
CVE-2023-25133 — CVSS 9.1 (critical): Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier…
CVE-2023-25132 — CVSS 9.1 (critical): Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6…
CVE-2024-31856 — CVSS 8.8 (high): An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an…
CVE-2024-31410 — CVSS 7.7 (high): The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an…
CVE-2024-32736 — CVSS 7.5 (high): A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak…
CVE-2024-32737 — CVSS 7.5 (high): A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak…
CVE-2024-32739 — CVSS 7.5 (high): A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak…
CVE-2024-32738 — CVSS 7.5 (high): A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak…
CVE-2024-31409 — CVSS 6.5 (medium): Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from…
CVE-2024-32042 — CVSS 4.9 (medium): The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords…