29 lines
No EOL
1.4 KiB
Text
29 lines
No EOL
1.4 KiB
Text
NPM-V(Network Power Manager) <= 2.4.1 Reset Password Vulnerability
|
|
|
|
Author: Saeed reza Zamanian [penetrationtest @ Linkedin]
|
|
Product: NPM-V
|
|
Affected Version : 2.4.1 and below
|
|
Vendor : http://www.china-clever.com
|
|
Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125
|
|
Date: 2017 Sep 25
|
|
Manual: ftp://support.danbit.dk/N/NPOWER8IEC-E/NPM-V%20User%20Manual.pdf
|
|
|
|
|
|
[*] NPM Introduction:
|
|
The NPM(Network Power Manager) is a network manageable device that provides power monitoring,
|
|
controlling and managements to many equipments in the rack cabinet of data center all over the world through
|
|
LAN or WAN. For meeting with the restrictions and requirements in different environment, NPM supplies many
|
|
connection methods that user can manage it through its Web interface(HTTP or HTTPS), Serial connection, Telnet
|
|
or SNMP
|
|
[*] Vulnerability Details:
|
|
Based on security Check on this device , Authentication doesn't check on Device Admin Console
|
|
an attacker can access to management console pages directly and without authentication.
|
|
All files in these directories are directly accessible . /log/ /chart /device and /user .
|
|
|
|
[*] PoC:
|
|
An Attacker can directly access to below page and Add User or View Password or Change Administrator credential without authentication.
|
|
if you browse this page you will see an html page likely the image exists on Page 13 (Figure 1-4) on Device Users Manual.
|
|
http://[Device IP]/user/user.html
|
|
|
|
|
|
#EOF |