CVE-2024-32735
CRITICAL EXPLOITED NUCLEI
CyberPower PowerPanel < 2.8.3 - Unauthenticated PDNU REST API Access
Title source: llm
Exploitation Summary
CVE-2024-32735 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Nuclei Templates (1)
CyberPower - Missing Authentication
CRITICAL VERIFIED by DhiyaneshDK
Shodan:
html:"<title>PDNU</title>"
References (2)
Core References
Release Notes
https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote
Third Party Advisory
https://www.tenable.com/security/research/tra-2024-14
Scores
CVSS v3
9.8
EPSS
0.0677
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2025-01-22
CWE
CWE-306
Status
published
Products (1)
cyberpower/powerpanel
< 2.8.3
Published
May 14, 2024
Tracked Since
Feb 18, 2026