Description
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gynvael.coldwind.pl/?lang=en&id=748
Scores
CVSS v3: 9.8
EPSS: 0.0057
EPSS Percentile: 68.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-732
Status: published
Products (7)
powertekpdus/basic_pdu_firmware < 3.30.30
powertekpdus/piml_pdu_firmware < 3.30.30
powertekpdus/pm_pdu_firmware < 3.30.30
powertekpdus/smart_pim_firmware < 3.30.30
powertekpdus/smart_pom_firmware < 3.30.30
powertekpdus/smart_poms_firmware < 3.30.30
powertekpdus/smart_pos_firmware < 3.30.30
Published: Jun 13, 2022
Tracked Since: Feb 18, 2026