{"vulnerability": "CVE-2022-47190", "sightings": [{"uuid": "0590e9b3-47bb-4329-9c13-d556845068a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47190", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete repository or download the zip file.  You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}]}