CVE-2018-12031

CRITICAL EXPLOITED NUCLEI

Eaton Intelligent Power Manager <1.6 - Path Traversal

Title source: llm

Description

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

Exploits (1)

nomisec WORKING POC 4 stars
by EmreOvunc · infoleak
https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion

Nuclei Templates (1)

Eaton Intelligent Power Manager 1.6 - Directory Traversal
CRITICAL by daffainfo

Scores

CVSS v3 9.8
EPSS 0.7484
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-11-26
CWE CWE-22
Status published
Products (1)
eaton/intelligent_power_manager 1.6
Published Jun 07, 2018
Tracked Since Feb 18, 2026