Vulnerability Description
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Power-Software-Download | Viewpower | >= 1.04-21012, <= 1.04-21353 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-EscalatioExploitPatchTechnical Description
- https://www.power-software-download.com/viewpower.htmlVendor Advisory
- https://www.0x90.zone/binary/reverse/exploitation/2020/08/16/Privilege-EscalatioExploitPatchTechnical Description
- https://www.power-software-download.com/viewpower.htmlVendor Advisory
FAQ
What is CVE-2021-30490?
CVE-2021-30490 is a vulnerability with a CVSS score of 7.8 (HIGH). upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege esca...
How severe is CVE-2021-30490?
CVE-2021-30490 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-30490?
Check the references section above for vendor advisories and patch information. Affected products include: Power-Software-Download Viewpower, Microsoft Windows.