Command injection

2023-05-2223:15:00

PRIOn knowledge base

www.prio-n.com

command injection

sensitive data exposure

snmp exploit

device mac address

admin login

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.

CPENameOperatorVersion
iboot-pdu4-c20_firmwarelt1.42.06162022
iboot-pdu4-n20_firmwarelt1.42.06162022
iboot-pdu4a-c10_firmwarelt1.42.06162022
iboot-pdu4a-c20_firmwarelt1.42.06162022
iboot-pdu4a-n15_firmwarelt1.42.06162022
iboot-pdu4a-n20_firmwarelt1.42.06162022
iboot-pdu4sa-c10_firmwarelt1.42.06162022
iboot-pdu4sa-c20_firmwarelt1.42.06162022
iboot-pdu4sa-n15_firmwarelt1.42.06162022
iboot-pdu4sa-n20_firmwarelt1.42.06162022

Name	Operator	Version
iboot-pdu4-c20_firmware	lt	1.42.06162022
iboot-pdu4-n20_firmware	lt	1.42.06162022
iboot-pdu4a-c10_firmware	lt	1.42.06162022
iboot-pdu4a-c20_firmware	lt	1.42.06162022
iboot-pdu4a-n15_firmware	lt	1.42.06162022
iboot-pdu4a-n20_firmware	lt	1.42.06162022
iboot-pdu4sa-c10_firmware	lt	1.42.06162022
iboot-pdu4sa-c20_firmware	lt	1.42.06162022
iboot-pdu4sa-n15_firmware	lt	1.42.06162022
iboot-pdu4sa-n20_firmware	lt	1.42.06162022