CVE-2023-33274: SNMP Web Pro 1.1 Authorization Bypass
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.
1. ADVISORY INFORMATION
=======================
Product: SNMP Web Pro 1.1
Vendor URL: https://voltronicpower.com/
Type: Improper Access Control [CWE-284]
Date found: 2023-05-12
Date published: 2023-06-30
CVSSv3 Score: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVE: CVE-2023-33274
2. CREDITS
==========
This vulnerability was discovered and researched by Ph4nt0mByt3.
3. VERSIONS AFFECTED
====================
SNMP Web Pro 1.1
4. INTRODUCTION
===============
SNMP Web Pro 1.1 is a web interface to control UPS systems.
5. VULNERABILITY DETAILS
========================
The web server allows direct CGI requests without proper authorization, resulting in total control of UPS systems.
6. PROOF OF CONCEPT
===================
Make a direct request to the CGI endpoints to take control of the UPS.
7. SOLUTION
===========
Enable HTTP Basic authentication with a strong user:pass to prevent direct CGI requests.
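An added example, not part of the original advisory: one way to spot the unauthenticated CGI access described in section 5 and to confirm the fix holds afterwards. It assumes a reverse proxy in front of the device writes Combined Log Format access logs (the advisory does not describe the device's own logging); the CGI paths and addresses in the sample are constructed placeholders.

```python
import re

# Combined Log Format as written by a reverse proxy in front of the device
# (assumption: the advisory does not describe the device's own logging).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def unauthenticated_cgi_hits(lines):
    """Return (ip, timestamp, method, path) for every CGI request that was
    answered 2xx although no HTTP auth user was recorded."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0].lower()
        is_cgi = path.endswith(".cgi") or "/cgi-bin/" in path
        # "-" in the user field means the request carried no accepted credentials.
        if is_cgi and m["user"] == "-" and m["status"].startswith("2"):
            hits.append((m["ip"], m["ts"], m["method"], m["path"]))
    return hits


# Constructed sample log lines; the CGI names are placeholders, not real endpoints.
SAMPLE = [
    '192.0.2.10 - admin [30/Jun/2023:10:00:01 +0000] '
    '"GET /cgi-bin/example_status.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Jun/2023:10:02:13 +0000] '
    '"POST /cgi-bin/example_control.cgi?x=1 HTTP/1.1" 200 64',
    '198.51.100.7 - - [30/Jun/2023:10:02:15 +0000] '
    '"GET /cgi-bin/example_control.cgi HTTP/1.1" 401 0',
    '203.0.113.5 - - [30/Jun/2023:10:03:00 +0000] '
    '"GET /index.html HTTP/1.1" 200 2048',
    'not a log line',
]

if __name__ == "__main__":
    for hit in unauthenticated_cgi_hits(SAMPLE):
        print(*hit)
```

Once HTTP authentication is enforced, anonymous CGI requests should appear only with status 401, so any new hit from this check means the control is not in effect on that path.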
8. REFERENCES
=============
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33274