CVE-2022-33174 Distribution Units running Powertek firmware before 3.30.30 may have been vulnerable to remote authorization bypass.

This issue was disclosed to Powertek in November 2017. The vendor released version 3.30.30 in January 2018, which fixes the issue. Vendors who are using an older version are urged to upgrade. The article was added to this list when it became clear that the vendor had not issued a patch for the issue by the end of 2017.

Summary of Vulnerability

CVE-2022-33174 is an issue fixed by Powertek in version 3.30.30 released January 2018. Powertek released the update in response to the vulnerability being disclosed to them in November 2017 and not being fixed by the end of 2017 as previously believed.

Summary

The article details the vulnerability in Powertek's software. The article says that the vendor had not issued a patch for the issue by December 31, 2017. The article was added to this list when it became clear that the vendor had not released a patch for the issue by December 31, 2017.

Insufficient Transport Security (ISTS)

An issue was disclosed to Powertek in November 2017. The vendor released version 3.30.30 in January 2018, which fixes the issue. Vendors who are using an older version are urged to upgrade. The article was added to this list when it became clear that the vendor had not issued a patch for the issue by the end of 2017.

Insufficient Transport Security (ISTS) is a vulnerability in Powertek's products that allows attackers to bypass transport layer security (TLS) authentication and decrypt sessions between two devices connected via TLS or SSL-secured connections with Powertek devices installed on them.

Timeline

Published on: 06/13/2022 18:15:00 UTC
Last modified on: 06/27/2022 16:45:00 UTC

References