Hardcoded credentials

2023-08-1405:15:00

PRIOn knowledge base

www.prio-n.com

dataprobe iboot pdu

hardcoded credentials

firmware vulnerability

postgres database

unauthorized access

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

CPENameOperatorVersion
powerpanel_serverlt2.6.9
iboot-pdu4-c20_firmwarelt1.44.0804202
iboot-pdu4-n20_firmwarelt1.44.0804202
iboot-pdu4a-c10_firmwarelt1.44.0804202
iboot-pdu4a-c20_firmwarelt1.44.0804202
iboot-pdu4a-n15_firmwarelt1.44.0804202
iboot-pdu4a-n20_firmwarelt1.44.0804202
iboot-pdu4sa-c10_firmwarelt1.44.0804202
iboot-pdu4sa-c20_firmwarelt1.44.0804202
iboot-pdu4sa-n15_firmwarelt1.44.0804202

Name	Operator	Version
powerpanel_server	lt	2.6.9
iboot-pdu4-c20_firmware	lt	1.44.0804202
iboot-pdu4-n20_firmware	lt	1.44.0804202
iboot-pdu4a-c10_firmware	lt	1.44.0804202
iboot-pdu4a-c20_firmware	lt	1.44.0804202
iboot-pdu4a-n15_firmware	lt	1.44.0804202
iboot-pdu4a-n20_firmware	lt	1.44.0804202
iboot-pdu4sa-c10_firmware	lt	1.44.0804202
iboot-pdu4sa-c20_firmware	lt	1.44.0804202
iboot-pdu4sa-n15_firmware	lt	1.44.0804202