CVE-2023-39073: SNMP Web Pro 1.1 Arbitrary File Deletion
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request.
1. ADVISORY INFORMATION
=======================
Product: SNMP Web Pro 1.1
Vendor URL: https://voltronicpower.com/
Type: CWE-22
Date found: 2023-05-12
Date published: 2023-07-20
CVSSv3 Score: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:U)
2. CREDITS
==========
This vulnerability was discovered and researched by Ph4nt0mByt3.
3. VERSIONS AFFECTED
====================
SNMP Web Pro 1.1
4. INTRODUCTION
===============
SNMP Web Pro 1.1 is a web interface for controlling UPS systems.
5. VULNERABILITY DETAILS
========================
The web server allows crafted requests to delete system files.
6. PROOF OF CONCEPT
===================
NOT PUBLIC
7. SOLUTION
===========
Enable HTTP Basic authentication.