An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently.
Add your gear to cvedb and we'll alert you only when eaton ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.