Vulnerability Details CVE-2019-11367
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.037
EPSS Ranking 87.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Access-Control.html
- https://drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367
- http://packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Access-Control.html
- https://drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367
Products affected by CVE-2019-11367
-
cpe:2.3:a:auo:solar_data_recorder:*