CRITICAL🇵🇱 Wersja polska

CVE-2023-51581

CVSS 9.8v3.0pub. 2024-05-03upd. 2025-07-09

Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034.

🤖 AI Analysis
How it works

The MacMonitorConsole class in the ViewPower application exposes a method that should not be accessible remotely (CWE-749: Exposed Dangerous Method or Function). An attacker can invoke this method over the network without providing any authentication credentials. This results in arbitrary code execution in the context of the user running the process.

Impact

An attacker can remotely execute arbitrary code on the vulnerable system without authentication, which may lead to complete system compromise, data confidentiality breach, and service availability disruption.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict network access to the ViewPower interface using firewall or network segmentation so that the application is not accessible from untrusted networks.

Who is affected

Voltronic Power ViewPower — versions indicated in vendor references (details in advisory ZDI-23-1886)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Voltronicpower Viewpower

    APP
    Voltronicpower
    1.04.21353
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-51576CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację w Voltronic Power ViewPower (port TCP 51099)

CVE-2023-51582CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez wystawioną niebezpieczną metodę LinuxMonitorConsole

CVE-2023-51575CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez niechronioną metodę w klasie MonitorConsole

CVE-2023-51574CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — pominięcie uwierzytelnienia przez exposed dangerous method

CVE-2023-51583CRITICAL9.8PL ✓ten sam produkt

RCE w Voltronic Power ViewPower — odsłonięta niebezpieczna metoda UpsScheduler