{"api_version":"1","generated_at":"2026-06-15T20:36:59+00:00","cve":"CVE-2007-6226","urls":{"html":"https://cve.report/CVE-2007-6226","api":"https://cve.report/api/cve/CVE-2007-6226.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6226","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6226"},"summary":{"title":"CVE-2007-6226","description":"The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-04 18:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.1","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://securityreason.com/securityalert/3418","name":"http://securityreason.com/securityalert/3418","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APC Management Vulnerability - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1019018","name":"http://securitytracker.com/id?1019018","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - APC Switched Rack Power Distribution Units Grant Access to Remote Users","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38783","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38783","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26636","name":"http://www.securityfocus.com/bid/26636","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APC Switched Rack PDU Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/484363/100/0/threaded","name":"http://www.securityfocus.com/archive/1/484363/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6226","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6226","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6226","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apc","cpe5":"oas","cpe6":"3.5.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6226","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apc","cpe5":"switched_rack_pdu_firmware","cpe6":"3.5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T15:54:27.182Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1019018","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1019018"},{"name":"20071129 APC Management Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/484363/100/0/threaded"},{"name":"3418","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3418"},{"name":"apc-pdu-unspecified-security-bypass(38783)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"},{"name":"26636","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26636"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-11-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1019018","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1019018"},{"name":"20071129 APC Management Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/484363/100/0/threaded"},{"name":"3418","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3418"},{"name":"apc-pdu-unspecified-security-bypass(38783)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"},{"name":"26636","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26636"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6226","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1019018","refsource":"SECTRACK","url":"http://securitytracker.com/id?1019018"},{"name":"20071129 APC Management Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/484363/100/0/threaded"},{"name":"3418","refsource":"SREASON","url":"http://securityreason.com/securityalert/3418"},{"name":"apc-pdu-unspecified-security-bypass(38783)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38783"},{"name":"26636","refsource":"BID","url":"http://www.securityfocus.com/bid/26636"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6226","datePublished":"2007-12-04T18:00:00.000Z","dateReserved":"2007-12-04T00:00:00.000Z","dateUpdated":"2024-08-07T15:54:27.182Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-04 18:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apc:oas:3.5.6:*:*:*:*:*:*:*","matchCriteriaId":"E13B7C09-9C0B-4709-88D6-85B42B3A9CD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apc:switched_rack_pdu_firmware:3.5.5:*:*:*:*:*:*:*","matchCriteriaId":"96D6C17E-3012-404D-A122-F80A52AD268F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6226","Ordinal":"1","Title":"CVE-2007-6226","CVE":"CVE-2007-6226","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6226","Ordinal":"1","NoteData":"The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.","Type":"Description","Title":"CVE-2007-6226"},{"CveYear":"2007","CveId":"6226","Ordinal":"2","NoteData":"2007-12-04","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6226","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}