Vulnerability Details CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
- https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
- https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
- https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Products affected by CVE-2019-9106
-
cpe:2.3:a:saet:webapp:04.68
-
cpe:2.3:h:saet:tebe_small:-
-
cpe:2.3:o:saet:tebe_small_firmware:05.01