CVE-2019-9105

{"id": "CVE-2019-9105", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-31T22:29:01.347", "references": [{"url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call."}, {"lang": "es", "value": "Los dispositivos WebApp v04.68 en el supervisor sobre SAET Impianti Speciali TEBE Small versi\u00f3n 05.01 ensamblado 1137, permiten a los atacantes remotos realizar varios tipos de llamadas de API sin identificaci\u00f3n, como es demostrado mediante la recuperaci\u00f3n del hashes de contrase\u00f1a por medio de una llamada inc/utils/REST_API.php?Command=CallAPI&customurl=llamar a alladminusers."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D8ECA8-1B1E-49C0-9793-F6696A1410DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B8B049A-5193-4432-B4BC-F5C72B385FBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEAD743F-2230-4D3E-8330-0CCFBDDB3348"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}