Network Management Card
by Apcupsd
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-58310 | Hig | 0.57 | — | 0.01 | Dec 11, 2025 | APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by… | ||
| CVE-2009-1798 | 0.03 | — | 0.02 | Dec 28, 2009 | Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2023-6032 | 0.00 | — | 0.01 | Nov 15, 2023 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS. | |||
| CVE-2021-22815 | 0.00 | — | 0.01 | Jan 28, 2022 | A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2):… | |||
| CVE-2021-22811 | 0.00 | — | 0.01 | Jan 28, 2022 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase… | |||
| CVE-2021-22810 | 0.00 | — | 0.01 | Jan 28, 2022 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.… | |||
| CVE-2018-7820 | 0.00 | — | 0.01 | Sep 17, 2019 | A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. | |||
| CVE-2009-1797 | 0.00 | — | 0.01 | Dec 28, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1)… |
- risk 0.57cvss —epss 0.01
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by…
- CVE-2009-1798Dec 28, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via…
- CVE-2023-6032Nov 15, 2023risk 0.00cvss —epss 0.01
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.
- CVE-2021-22815Jan 28, 2022risk 0.00cvss —epss 0.01
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2):…
- CVE-2021-22811Jan 28, 2022risk 0.00cvss —epss 0.01
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase…
- CVE-2021-22810Jan 28, 2022risk 0.00cvss —epss 0.01
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.…
- CVE-2018-7820Sep 17, 2019risk 0.00cvss —epss 0.01
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.
- CVE-2009-1797Dec 28, 2009risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1)…