Dataprobe Iboot-pdu8a-c10 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Dataprobe Iboot-pdu8a-c10 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-3259 — CVSS 9.8 (critical): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP…
CVE-2022-47311 — CVSS 8.5 (high): A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it…
CVE-2022-47320 — CVSS 8.1 (high): The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about…
CVE-2023-3261 — CVSS 7.5 (high): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0…
CVE-2023-3263 — CVSS 7.5 (high): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the…
CVE-2022-46738 — CVSS 7.2 (high): The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac…
CVE-2023-3260 — CVSS 7.2 (high): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL…
CVE-2023-3264 — CVSS 6.7 (medium): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the…
CVE-2023-3262 — CVSS 6.7 (medium): The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the…
CVE-2022-4945 — CVSS 6.5 (medium): The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the…
CVE-2022-46658 — CVSS 6.5 (medium): The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.