Cyberpower Powerpanel Server — known CVE vulnerabilities
Every CVE whose affected-product data names Cyberpower Powerpanel Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-3265 — CVSS 9.8 (critical): An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an…
CVE-2023-3266 — CVSS 9.8 (critical): A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication…
CVE-2023-3267 — CVSS 9.1 (critical): When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is…
CVE-2023-3261 — CVSS 7.5 (high): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0…
CVE-2023-3260 — CVSS 7.2 (high): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL…
CVE-2023-3264 — CVSS 6.7 (medium): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the…