CVE-2007-6226

APC OAS 3.5.6 and Switched Rack PDU Firmware 3.5.5 - Improper Authentication

Title source: llm
STIX 2.1

Description

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019018
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484363/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3418
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38783
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26636

Scores

EPSS 0.0185
EPSS Percentile 76.4%

Details

CWE
CWE-287
Status published
Products (2)
apc/oas 3.5.6
apc/switched_rack_pdu_firmware 3.5.5
Published Dec 04, 2007
Tracked Since Feb 18, 2026