Описание
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-19228
- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228
- https://seclists.org/bugtraq/2019/Dec/5
- http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html
EPSS
Процентиль: 47%
0.0024
Низкий
CVE ID
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
EPSS
Процентиль: 47%
0.0024
Низкий