CVE-2021-30490

upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
power-software-downloadviewpower
1.04-21012 ≤
𝑥
≤ 1.04-21353
power-software-downloadviewpower
1.04-21012 ≤
𝑥
≤ 1.04-21353
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html
https://www.power-software-download.com/viewpower.html
https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html
https://www.power-software-download.com/viewpower.html