cnvd - cnvd-2025-21590

cnvd-2025-21590

Vulnerability from cnvd

Title

Voltronic Power ViewPower拒绝服务漏洞（CNVD-2025-21590）

Description

Voltronic Power ViewPower是Voltronic Power公司的一款适用于太阳能逆变器的监控和管理软件。 Voltronic Power ViewPower Pro存在拒绝服务漏洞，该漏洞是由于在允许访问功能之前缺乏身份验证造成的。攻击者可利用该漏洞导致拒绝服务。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://voltronicpower.com/

Reference

https://www.zerodayinitiative.com/advisories/ZDI-23-1877/

Impacted products

Name
Voltronic Power ViewPower Pro 2.0-22165

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-51571",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-51571"
    }
  },
  "description": "Voltronic Power ViewPower\u662fVoltronic Power\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8e\u592a\u9633\u80fd\u9006\u53d8\u5668\u7684\u76d1\u63a7\u548c\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nVoltronic Power ViewPower Pro\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5141\u8bb8\u8bbf\u95ee\u529f\u80fd\u4e4b\u524d\u7f3a\u4e4f\u8eab\u4efd\u9a8c\u8bc1\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://voltronicpower.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21590",
  "openTime": "2025-09-18",
  "products": {
    "product": "Voltronic Power ViewPower Pro 2.0-22165"
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/",
  "serverity": "\u9ad8",
  "submitTime": "2024-04-08",
  "title": "Voltronic Power ViewPower\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-21590\uff09"
}

CVE-2023-51571 (GCVE-0-2023-51571)

Vulnerability from cvelistv5

Published

2024-04-01 21:17

Modified

2024-08-27 15:33

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162.

References

URL

Tags

https://www.zerodayinitiative.com/advisories/ZDI-23-1877/

x_research-advisory

Impacted products

	Vendor	Product	Version
	Voltronic Power	ViewPower Pro	Version: 2.0-22165

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:32.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1877",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:voltronicpower:viewpower_pro:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "viewpower_pro",
            "vendor": "voltronicpower",
            "versions": [
              {
                "status": "affected",
                "version": "2.0-22165"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51571",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-02T15:09:17.525270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T15:33:37.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ViewPower Pro",
          "vendor": "Voltronic Power",
          "versions": [
            {
              "status": "affected",
              "version": "2.0-22165"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T14:45:49.239-06:00",
      "datePublic": "2023-12-20T17:08:47.145-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-01T21:17:40.851Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1877",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Simon Janz (@esj4y)"
      },
      "title": "Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51571",
    "datePublished": "2024-04-01T21:17:40.851Z",
    "dateReserved": "2023-12-20T20:38:20.866Z",
    "dateUpdated": "2024-08-27T15:33:37.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.