TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information

Date:2022-11-10

Font-stze:

POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information

TVN ID	TVN-202208007
CVE ID	CVE-2022-38122
CVSS	7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products	Contact tech support from POWERCOM CO., LTD.
Description	UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.
Solution	Contact tech support from POWERCOM CO., LTD.
Credit	Michael Heinzl
Public Date	2022-11-10