CVE-2007-6226
APC OAS 3.5.6 and Switched Rack PDU Firmware 3.5.5 - Improper Authentication
Title source: llmDescription
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019018
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484363/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3418
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38783
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26636
Scores
EPSS
0.0185
EPSS Percentile
76.4%
Details
CWE
CWE-287
Status
published
Products (2)
apc/oas
3.5.6
apc/switched_rack_pdu_firmware
3.5.5
Published
Dec 04, 2007
Tracked Since
Feb 18, 2026