CVE-2024-31409

Summary

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel

system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.

Affected Software

VendorProductVersion RangeStatus
CyberPowerPowerPanel business0 < 4.9.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References