CRITICAL🇵🇱 Wersja polska

CVE-2023-51573

CVSS 9.8v3.0pub. 2024-04-01upd. 2025-07-07

Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21203.

🤖 AI Analysis
How it works

The vulnerability lies in the updateManagerPassword function, which is available without prior authentication and performs a dangerous administrative operation. The problem results from exposing this function externally without appropriate access control (CWE-749 — Exposed Dangerous Method or Function). An attacker can directly invoke this function over the network, bypassing any login mechanisms implemented in the application.

Impact

An attacker gains the ability to bypass authentication in the system, which may lead to takeover of the power management application, and consequently to unauthorized access, data modification, and system availability disruption.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references. It is also recommended to restrict network access to the ViewPower Pro management interface exclusively to trusted hosts and internal networks (e.g., via firewall or VPN) until the fix is deployed.

Who is affected

Voltronic Power ViewPower Pro — versions indicated in the manufacturer's references (ZDI-23-1879 advisory)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Voltronicpower Viewpower

    APP
    Voltronicpower
    2.0-22165
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-51576CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację w Voltronic Power ViewPower (port TCP 51099)

CVE-2023-51581CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez odsłoniętą niebezpieczną metodę klasy MacMonitorConsole

CVE-2023-51574CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — pominięcie uwierzytelnienia przez exposed dangerous method

CVE-2023-51575CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez niechronioną metodę w klasie MonitorConsole

CVE-2023-51582CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez wystawioną niebezpieczną metodę LinuxMonitorConsole