CVE-2018-9280

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:eaton:9px_ups_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:eaton:9px_ups:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:15

Type Values Removed Values Added
References () https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/ - Third Party Advisory () https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities/ - Third Party Advisory

Information

Published : 2018-10-24 21:29

Updated : 2024-11-21 04:15


NVD link : CVE-2018-9280

Mitre link : CVE-2018-9280

CVE.ORG link : CVE-2018-9280


JSON object : View

Products Affected

eaton

  • 9px_ups_firmware
  • 9px_ups
CWE
CWE-522

Insufficiently Protected Credentials