Vulnerability Details CVE-2019-16261
Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 8.5
References
Products affected by CVE-2019-16261
-
cpe:2.3:h:tripplite:pdumh15at:-
-
cpe:2.3:o:tripplite:pdumh15at_firmware:12.04.0053