Description
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.power-software-download.com/viewpower.html
Exploit, Patch, Technical Description, Third Party Advisory x_refsource_misc
https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html
Scores
CVSS v3
7.8
EPSS
0.0029
EPSS Percentile
20.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
power-software-download/viewpower
1.04-21012 - 1.04-21353 (2 CPE variants)
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026