Platform: linux
Component: voltronic-power-snmp-web-pro
Fixed in: 1.1.1
CVE-2026-22192 describes a critical authentication bypass vulnerability discovered in Voltronic Power SNMP Web Pro versions 1.1. This flaw allows unauthenticated attackers to gain privileged access to management functions by manipulating browser localStorage values, effectively bypassing server-side access controls. The vulnerability was publicly disclosed on 2026-03-13, and a patch is available in version 7.6.47.
The impact of this vulnerability is severe. An attacker can completely bypass authentication and gain full administrative control over the SNMP Web Pro device. This could lead to unauthorized configuration changes, data breaches (potentially including sensitive network information), and even complete device takeover. The ability to manipulate browser localStorage to circumvent authentication represents a significant security risk, as it bypasses standard security measures. Successful exploitation could allow an attacker to modify device settings, disrupt network operations, or exfiltrate sensitive data, potentially impacting the entire network infrastructure relying on the SNMP Web Pro device.
CVE-2026-22192 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation (browser localStorage manipulation) suggests a medium probability of exploitation. The vulnerability's critical severity and the potential for widespread impact make it a high-priority concern for organizations using Voltronic Power SNMP Web Pro.
Exploit Status
EPSS: 0.04% (12th percentile)
The primary mitigation is to immediately upgrade Voltronic Power SNMP Web Pro to version 7.6.47 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the SNMP Web Pro interface from untrusted networks. Implement strict network segmentation to limit the potential blast radius of a successful attack. Monitor browser traffic for unusual localStorage modifications. While a WAF may not directly prevent this type of attack, it can be configured to detect and block suspicious requests based on known attack patterns. After upgrading, confirm the fix by attempting to access management functions without valid credentials and verifying that access is denied.
Update the device to a fixed version provided by Voltronic Power. Check the official Voltronic Power website or contact their technical support to obtain the latest version and the update instructions. As a temporary measure, disable web access if it is not essential.
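The flaw class described above, and the post-upgrade check of confirming that access is denied without valid credentials, can be shown side by side. This is an added example, not Voltronic Power code: the page does not describe the device's internals, so the handlers, the `claimedRole` and `sid` fields and the session table are hypothetical, and all sample data is constructed.

```javascript
// Added illustration, not Voltronic Power code: every name here is hypothetical.

// Server-side session table (constructed sample data). In a real service the
// keys are random tokens issued at login and sent back in a cookie.
const SESSIONS = new Map([
  ["sid-constructed-admin", { user: "alice", role: "admin" }],
  ["sid-constructed-viewer", { user: "bob", role: "viewer" }],
]);

// Weak pattern: the handler believes a role reported by the browser. The UI
// copies it from localStorage, which the person at the browser can edit.
function weakHandler(req) {
  return req.claimedRole === "admin"
    ? { status: 200, body: "settings saved" }
    : { status: 403, body: "forbidden" };
}

// Corrected pattern: the role comes only from the server's own session
// record; whatever the client claims about itself is never read.
function hardenedHandler(req) {
  const session = typeof req.sid === "string" ? SESSIONS.get(req.sid) : undefined;
  if (!session) return { status: 401, body: "login required" };
  if (session.role !== "admin") return { status: 403, body: "forbidden" };
  return { status: 200, body: "settings saved" };
}

// Regression check: replay the same constructed requests against a handler
// and list every case whose outcome differs from what access control requires.
function auditHandler(handler) {
  const cases = [
    { name: "no session, claims admin", req: { claimedRole: "admin" }, allow: false },
    { name: "viewer session, claims admin",
      req: { sid: "sid-constructed-viewer", claimedRole: "admin" }, allow: false },
    { name: "unknown session id", req: { sid: "sid-not-issued" }, allow: false },
    { name: "admin session",
      req: { sid: "sid-constructed-admin", claimedRole: "admin" }, allow: true },
  ];
  return cases
    .filter((c) => (handler(c.req).status === 200) !== c.allow)
    .map((c) => c.name);
}

console.log("weak handler failures:", auditHandler(weakHandler));
console.log("hardened handler failures:", auditHandler(hardenedHandler));
```

An empty failure list is the result a patched management interface should produce: every request without a valid server-side admin session is refused, regardless of what the client claims.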
CVE-2026-22192 is a critical vulnerability in Voltronic Power SNMP Web Pro versions 1.1 that allows attackers to bypass authentication by manipulating browser localStorage, gaining unauthorized access to management functions.
If you are using Voltronic Power SNMP Web Pro version 1.1, you are affected by this vulnerability. Upgrade to version 7.6.47 or later to mitigate the risk.
The recommended fix is to upgrade to version 7.6.47 or later. If upgrading is not immediately possible, implement temporary workarounds such as restricting network access.
While no active exploitation has been publicly confirmed, the vulnerability is easy to exploit, so attacks remain a possibility. Monitor your systems closely.
Please refer to the Voltronic Power website or contact their support team for the official advisory regarding CVE-2026-22192.