CVE-2019-9105

Опубликовано: 31 мая 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.

Ссылки

https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Product
Vendor Advisory
https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*

cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00516

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-46wg-w7gq-6q5h

github

больше 3 лет назад