Voltronic PowerView Exploit

CRITICAL (10.0) No Patch (114 days)
cwe-749cwe-94arbitrary-code-executionremote-exploitationups-softwarevoltronic-powerview

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.06% chance of exploitation (percentile: 20%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC

How we test →

What is it?

Voltronic PowerView is a network-based UPS monitoring and management system. It allows users to remotely monitor and control their UPS devices. However, this vulnerability in Voltronic PowerView's web interface enables an attacker to execute arbitrary code on the server by exploiting a specific condition related to the detection of a managed UPS shutting down.

Am I affected?

You're affected if you use Voltronic Power ViewPower. Affected versions: 1.04, 2.0 If you don't recognise this software, you're probably not affected.

How to fix

To fix this vulnerability, upgrade to Voltronic PowerView version 1.04-24216 or later. Alternatively, if an immediate patch isn't available:

  • Restrict network access to your Voltronic PowerView instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation

References