Unauthenticated Access to Outlet State in Dataprobe iBoot-PDU Firmware
CVE-2022-3187 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.
Learn more about our User Device Pen Test.