CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*
cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-31 22:29

Updated : 2024-02-04 20:20


NVD link : CVE-2019-9105

Mitre link : CVE-2019-9105

CVE.ORG link : CVE-2019-9105


JSON object : View

Products Affected

saet

  • webapp
  • tebe_small
  • tebe_small_firmware
CWE
CWE-306

Missing Authentication for Critical Function