Authentication flaw

2019-05-3122:29:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.

CPENameOperatorVersion
tebe_small_firmwareeq5.1 1137
webappeq04.68

CPE	Name	Operator	Version
	tebe_small_firmware	eq	5.1 1137
	webapp	eq	04.68

References

members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/

www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf