Vulnerability Details CVE-2021-30490
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.3%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html
- https://www.power-software-download.com/viewpower.html
- https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-Escalation-ViewPower.html
- https://www.power-software-download.com/viewpower.html
Products affected by CVE-2021-30490
-
cpe:2.3:a:power-software-download:viewpower:1.04-21012
-
cpe:2.3:a:power-software-download:viewpower:1.04-21353
-
cpe:2.3:o:microsoft:windows:-