Unauthenticated Access to Outlet State in Dataprobe iBoot-PDU Firmware

Unauthenticated Access to Outlet State in Dataprobe iBoot-PDU Firmware

CVE-2022-3187 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.

Learn more about our User Device Pen Test.