The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-31T21:21:15
Updated: 2024-08-04T21:38:46.370Z
Reserved: 2019-02-24T00:00:00
Link: CVE-2019-9105
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-31T22:29:01.347
Modified: 2024-11-21T04:50:59.550
Link: CVE-2019-9105
Redhat
No data.