Search Results (6 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22199 3 Gvectors, Voltronicpower, Wordpress 3 Wpdiscuz, Snmp Web Pro, Wordpress 2026-07-14 7.5 High
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.
CVE-2026-22192 3 Gvectors, Voltronicpower, Wordpress 3 Wpdiscuz, Snmp Web Pro, Wordpress 2026-07-14 9.9 Critical
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
CVE-2025-65287 2 Cdpenergy, Voltronicpower 3 Snmp Web Pro, Snmp Web Pro Firmware, Snmp Web Pro 2025-12-15 7.5 High
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk.
CVE-2023-49563 1 Voltronicpower 1 Snmp Web Pro 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver.
CVE-2023-39073 1 Voltronicpower 1 Snmp Web Pro 2024-11-21 9.8 Critical
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request.
CVE-2023-33274 1 Voltronicpower 1 Snmp Web Pro 2024-11-21 9.8 Critical
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.