Vulnerability Description
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can log in successfully.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AUO | Solar Data Recorder | < 1.3.0 |
References
- http://packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Ac (Exploit, Third Party Advisory, VDB Entry)
- https://drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view (Exploit, Third Party Advisory)
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-11367?
CVE-2019-11367 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this ac...
How severe is CVE-2019-11367?
CVE-2019-11367 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11367?
Check the references section above for vendor advisories and patch information. Affected products include: AUO Solar Data Recorder (versions before 1.3.0).