CVE-2021-23281

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.
Configurations

Configuration 1

cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*

Information

Published : 2021-04-13 07:15

Updated : 2021-04-20 05:55


NVD link : CVE-2021-23281

Mitre link : CVE-2021-23281

Products Affected
No products.
CWE