VYPR

Network Management Card

by Apcupsd

CVEs (8)

  • CVE-2024-58310HigDec 11, 2025
    risk 0.57cvss epss 0.01

    APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by…

  • CVE-2009-1798Dec 28, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via…

  • CVE-2023-6032Nov 15, 2023
    risk 0.00cvss epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

  • CVE-2021-22815Jan 28, 2022
    risk 0.00cvss epss 0.01

    A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2):…

  • CVE-2021-22811Jan 28, 2022
    risk 0.00cvss epss 0.01

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase…

  • CVE-2021-22810Jan 28, 2022
    risk 0.00cvss epss 0.01

    A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file.…

  • CVE-2018-7820Sep 17, 2019
    risk 0.00cvss epss 0.01

    A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.

  • CVE-2009-1797Dec 28, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1)…