CVE-2022-33174 Distribution Units running Powertek firmware before 3.30.30 may have been vulnerable to remote authorization bypass.

CVE-2022-33174 Distribution Units running Powertek firmware before 3.30.30 may have been vulnerable to remote authorization bypass.

This issue was disclosed to Powertek in November 2017. The vendor released version 3.30.30 in January 2018, which fixes the issue. Vendors who are using an older version are urged to upgrade. The article was added to this list when it became clear that the vendor had not issued a patch for the issue by the end of 2017.

Summary of Vulnerability

CVE-2022-33174 is an issue fixed by Powertek in version 3.30.30 released January 2018. Powertek released the update in response to the vulnerability being disclosed to them in November 2017 and not being fixed by the end of 2017 as previously believed.

Summary

The article details the vulnerability in Powertek's software. The article says that the vendor had not issued a patch for the issue by December 31, 2017. The article was added to this list when it became clear that the vendor had not released a patch for the issue by December 31, 2017.

Insufficient Transport Security (ISTS)

An issue was disclosed to Powertek in November 2017. The vendor released version 3.30.30 in January 2018, which fixes the issue. Vendors who are using an older version are urged to upgrade. The article was added to this list when it became clear that the vendor had not issued a patch for the issue by the end of 2017.

Insufficient Transport Security (ISTS) is a vulnerability in Powertek's products that allows attackers to bypass transport layer security (TLS) authentication and decrypt sessions between two devices connected via TLS or SSL-secured connections with Powertek devices installed on them.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe