7.5
CVE-2019-9105
- EPSS 0.52%
- Veröffentlicht 31.05.2019 22:29:01
- Zuletzt bearbeitet 21.11.2024 04:50:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Saet ≫ Tebe Small Firmware Version05.01 Update1137
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.639 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.