CVE Vulnerability

CVE-2019-16261

Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 7.8

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact COMPLETE

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://blog.korelogic.com/blog/2019/08/19/unpatched_fringe_infrastructure_bits Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-09-12 03:15

Updated : 2019-09-13 04:55

NVD link : CVE-2019-16261

Mitre link : CVE-2019-16261

Products Affected

Pdumh15at Firmware

Tripplite

CWE
CWE-287