CVE-2026-22192: CWE-306 Missing Authentication for Critical Function in Voltronic Power SNMP Web Pro
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
AI Analysis
Technical Summary
CVE-2026-22192 describes an authentication bypass vulnerability in Voltronic Power SNMP Web Pro version 1.1. The issue arises because the application relies on client-side localStorage values to enforce authentication state, which attackers can manipulate to bypass server-side access controls. This allows unauthenticated users to gain unauthorized access to privileged management functions. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and has a high CVSS 4.0 score of 8.8, indicating network exploitable, no privileges required, no user interaction, and high impact on integrity and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication and access privileged management functions within the affected product. This can lead to unauthorized configuration changes or management actions, potentially compromising device integrity and availability. There are no reported exploits in the wild, but the vulnerability poses a significant risk given the high CVSS score and the critical nature of the affected functions.
Mitigation Recommendations
No patch or official fix is currently available for this vulnerability. Since the product is not a cloud service, remediation depends on the vendor releasing an update. Until a fix is provided, users should restrict access to the management interface through network controls (e.g., firewall rules, VPN access) to trusted administrators only. Monitor vendor advisories for updates and apply patches promptly once available. Avoid relying on client-side authentication mechanisms for security.
CVE-2026-22192: CWE-306 Missing Authentication for Critical Function in Voltronic Power SNMP Web Pro
Description
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-22192 describes an authentication bypass vulnerability in Voltronic Power SNMP Web Pro version 1.1. The issue arises because the application relies on client-side localStorage values to enforce authentication state, which attackers can manipulate to bypass server-side access controls. This allows unauthenticated users to gain unauthorized access to privileged management functions. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and has a high CVSS 4.0 score of 8.8, indicating network exploitable, no privileges required, no user interaction, and high impact on integrity and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to bypass authentication and access privileged management functions within the affected product. This can lead to unauthorized configuration changes or management actions, potentially compromising device integrity and availability. There are no reported exploits in the wild, but the vulnerability poses a significant risk given the high CVSS score and the critical nature of the affected functions.
Mitigation Recommendations
No patch or official fix is currently available for this vulnerability. Since the product is not a cloud service, remediation depends on the vendor releasing an update. Until a fix is provided, users should restrict access to the management interface through network controls (e.g., firewall rules, VPN access) to trusted administrators only. Monitor vendor advisories for updates and apply patches promptly once available. Avoid relying on client-side authentication mechanisms for security.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-06T16:47:17.183Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69b36fc02f860ef9434ef295
Added to database: 3/13/2026, 2:00:32 AM
Last enriched: 4/22/2026, 10:36:32 PM
Last updated: 4/28/2026, 1:45:47 AM
Views: 57
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.