Voltronic Power ViewPower and PowerShield NetGuard Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Voltronic Power ViewPower versions through 1.04-24215, ViewPower Pro versions through 2.0-22165, and PowerShield NetGuard versions prior to 1.04-23292. The vulnerability arises from an exposed web interface that allows unauthenticated remote attackers to execute arbitrary code. This exploitation can occur immediately, regardless of the state or presence of a managed UPS.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending a request to the exposed web interface. This can be done without authentication or authorization, and does not require a connected UPS to be present.

Remediation

Users of PowerShield NetGuard can update to version 1.04-23292 or later to address this vulnerability. For Voltronic Power ViewPower or ViewPower Pro, no official patch is available, but users are advised to contact Voltronic Power customer support for more information.