Upspowercom Upsmon Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Upspowercom Upsmon Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-38119 — CVSS 9.8 (critical): UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass…
CVE-2022-38122 — CVSS 7.5 (high): UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to…
CVE-2022-38120 — CVSS 6.5 (medium): UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass…
CVE-2022-38121 — CVSS 6.5 (medium): UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege…