CVE-2007-6226

APC AP7932 - Auth Bypass

Title source: llm

Description

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

References (5)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38783

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484363/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26636

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019018

[Third Party Advisory] http://securityreason.com/securityalert/3418

Scores

EPSS 0.0029

EPSS Percentile 51.9%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

apc/oas

apc/switched_rack_pdu_firmware

Timeline

Published Dec 04, 2007

Tracked Since Feb 18, 2026