漏洞标题
Voltronic Power ViewPower USBCommEx 关闭时暴露的危险方法远程代码执行漏洞
漏洞描述信息
Voltronic Power ViewPower USBCommEx 关机时暴露的危险方法远程代码执行漏洞。此漏洞允许远程攻击者在受影响的 Voltronic Power ViewPower Pro 安装上执行任意代码。利用此漏洞需要用户交互,因为管理员必须触发关机操作。
具体漏洞存在于关机方法中。问题源于暴露的危险方法。攻击者可以利用此漏洞以当前用户的上下文执行代码。这是 ZDI-CAN-22065。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
释放后使用
漏洞标题
Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability
漏洞描述信息
Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation.
The specific flaw exists within the shutdown method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22065.
CVSS信息
N/A
漏洞类别
暴露危险的方法或函数
漏洞标题
Voltronic Power ViewPower 安全漏洞
漏洞描述信息
Voltronic Power ViewPower是Voltronic Power公司的一款适用于太阳能逆变器的监控和管理软件。 Voltronic Power ViewPower 存在安全漏洞,该漏洞源于USBCommEx shutdown 方法中存在特定缺陷,允许攻击者执行任意代码。
CVSS信息
N/A
漏洞类别
其他