CVE-2024-32735

CRITICAL EXPLOITED NUCLEI

Cyberpower Powerpanel < 2.8.3 - Missing Authentication

Title source: rule

Description

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.

Nuclei Templates (1)

CyberPower - Missing Authentication

CRITICALVERIFIEDby DhiyaneshDK

Shodan: html:"<title>PDNU</title>"

References (2)

[Release Notes] https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote

[Third Party Advisory] https://www.tenable.com/security/research/tra-2024-14

Scores

CVSS v3 9.8

EPSS 0.7550

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-01-22

CWE

CWE-306

Status published

Products (1)

cyberpower/powerpanel < 2.8.3

Published May 14, 2024

Tracked Since Feb 18, 2026