
cyberpower powerpanel

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-34025
<= 4.9.0
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an
9.8 CRITICAL
CVE-2024-33625
<= 4.9.0
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging
9.8 CRITICAL
CVE-2024-32053
<= 4.9.0
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and t
9.8 CRITICAL
CVE-2024-32047
<= 4.9.0
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an at
9.8 CRITICAL
CVE-2024-32042
<= 4.9.0
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing t
4.9 MEDIUM
CVE-2024-31856
<= 4.9.0
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result i
8.8 HIGH
CVE-2024-31410
<= 4.9.0
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allo
7.7 HIGH
CVE-2024-31409
<= 4.9.0
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data fro
6.5 MEDIUM
CVE-2024-32739
< 2.8.3
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can
7.5 HIGH
CVE-2024-32738
< 2.8.3
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can
7.5 HIGH
CVE-2024-32737
< 2.8.3
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can
7.5 HIGH
CVE-2024-32736
< 2.8.3
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can
7.5 HIGH
CVE-2024-32735
< 2.8.3
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An un
9.8 CRITICAL
CVE-2023-25133
<= 4.8.6
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier
9.1 CRITICAL
CVE-2023-25132
<= 4.8.6
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows
9.1 CRITICAL
CVE-2023-25131
<= 4.8.6
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Mana
9.4 CRITICAL
CVE-2019-13071
all versions
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to a
8.8 HIGH
CVE-2019-13070
all versions
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attac
5.4 MEDIUM