Platform
linux
Component
voltronic-power-snmp-web-pro
Fixed in
1.1.1
CVE-2026-22192 describes a critical authentication bypass vulnerability discovered in Voltronic Power SNMP Web Pro versions 1.1. This flaw allows unauthenticated attackers to gain privileged access to management functions by manipulating browser localStorage values, effectively bypassing server-side access controls. The vulnerability was publicly disclosed on 2026-03-13, and a patch is available in version 7.6.47.
The impact of this vulnerability is severe. An attacker can completely bypass authentication and gain full administrative control over the SNMP Web Pro device. This could lead to unauthorized configuration changes, data breaches (potentially including sensitive network information), and even complete device takeover. The ability to manipulate browser localStorage to circumvent authentication represents a significant security risk, as it bypasses standard security measures. Successful exploitation could allow an attacker to modify device settings, disrupt network operations, or exfiltrate sensitive data, potentially impacting the entire network infrastructure relying on the SNMP Web Pro device.
CVE-2026-22192 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation (browser localStorage manipulation) suggests a medium probability of exploitation. The vulnerability's critical severity and the potential for widespread impact make it a high-priority concern for organizations using Voltronic Power SNMP Web Pro.
Organizations utilizing Voltronic Power SNMP Web Pro for network management, particularly those with exposed management interfaces or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple users share the same SNMP Web Pro instance are also particularly vulnerable, as an attacker could potentially compromise the entire environment.
• linux / server: journalctl -u snmpwebpro | grep -i "localStorage"
• generic web: curl -I <snmpwebpro_url> | grep -i "localStorage"
EPSS
0.04% (12% percentile)
The primary mitigation is to immediately upgrade Voltronic Power SNMP Web Pro to version 7.6.47 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the SNMP Web Pro interface from untrusted networks. Implement strict network segmentation to limit the potential blast radius of a successful attack. Monitor browser traffic for unusual localStorage modifications. While a WAF may not directly prevent this type of attack, it can be configured to detect and block suspicious requests based on known attack patterns. After upgrading, confirm the fix by attempting to access management functions without valid credentials and verifying that access is denied.
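The post-upgrade check described above, as an added example (not Voltronic Power's code or tooling): it requests management URLs with no cookies or credentials and reports whether the server itself refused them. The paths are placeholders and the function names are hypothetical; substitute management URLs from your own device.

```python
import urllib.error
import urllib.request

# Placeholder paths (assumption): replace with management URLs of your own device.
PLACEHOLDER_PATHS = ["/PLACEHOLDER/settings", "/PLACEHOLDER/users"]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it to a login page

def fetch_unauthenticated(url, timeout=5):
    """GET url with no cookies or credentials; return (status, headers dict)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # unfollowed 3xx, 4xx and 5xx land here
        return err.code, dict(err.headers)

def classify(status, headers):
    """Map a credential-less response to denied / served / inconclusive."""
    if status in (401, 403):
        return "denied"
    if 300 <= status < 400 and any(k.lower() == "location" for k in headers):
        return "denied"  # redirected away, e.g. to a login page
    if 200 <= status < 300:
        return "served"  # server answered without any proof of login
    return "inconclusive"  # 404/5xx: wrong path or device error, recheck

def audit(base_url, paths, fetch=fetch_unauthenticated):
    """Return {path: verdict}; 'served' means the server did not enforce auth."""
    results = {}
    for path in paths:
        status, headers = fetch(base_url.rstrip("/") + path)
        results[path] = classify(status, headers)
    return results

def passes(results):
    """The fix is confirmed only if every checked path was denied by the server."""
    return bool(results) and all(v == "denied" for v in results.values())

if __name__ == "__main__":
    import sys
    report = audit(sys.argv[1], PLACEHOLDER_PATHS)
    print(report, "PASS" if passes(report) else "FAIL")
```

Point it at URLs that return management data or perform actions, not the static page shell, because a client-side gate leaves the shell at 200 whether or not the server enforces authentication.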
Update the device to a fixed version supplied by Voltronic Power. Check the official Voltronic Power website or contact their technical support for the latest version and update instructions. As a temporary measure, disable web access if it is not essential.
CVE-2026-22192 is a critical vulnerability in Voltronic Power SNMP Web Pro versions 1.1 that allows attackers to bypass authentication by manipulating browser localStorage, gaining unauthorized access to management functions.
If you are using Voltronic Power SNMP Web Pro version 1.1, you are affected by this vulnerability. Upgrade to version 7.6.47 or later to mitigate the risk.
The recommended fix is to upgrade to version 7.6.47 or later. If upgrading is not immediately possible, implement temporary workarounds such as restricting network access.
While no active exploitation has been publicly confirmed, the vulnerability's ease of exploitation suggests a potential for exploitation. Monitor your systems closely.
Please refer to the Voltronic Power website or contact their support team for the official advisory regarding CVE-2026-22192.