Home

Description

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.

PUBLISHED Reserved 2026-01-06 | Published 2026-03-13 | Updated 2026-04-22 | Assigner VulnCheck




HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

1.1
affected

Credits

Jean-Marie Bourbon of Bourbon Offensive Security Services finder

VulnCheck coordinator

References

github.com/...192-22199_Voltronic-Power_Preauth_root_RCE.txt technical-description

www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/ technical-description

voltronicpower.com/ product

www.vulncheck.com/...-authentication-bypass-via-localstorage third-party-advisory

cve.org (CVE-2026-22192)

nvd.nist.gov (CVE-2026-22192)

Download JSON