go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials

TVN ID TVN-202208006
CVE ID CVE-2022-38121
CVSS 6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products POWERCOM CO., LTD. UPSMON PRO version 2.57
Description UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.
Solution Contact tech support from POWERCOM CO., LTD.
Credit Michael Heinzl
Public Date 2022-11-10
Top