CVE-2019-9106 — CRITICAL (9.8)

Vulnerability Description

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Saet	Tebe Small Firmware	05.01
Saet	Tebe Small	-
Saet	Webapp	04.68

Related Weaknesses (CWE)

CWE-22

References

https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/ExploitThird Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdfProductVendor Advisory
https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/ExploitThird Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdfProductVendor Advisory

FAQ

What is CVE-2019-9106?

CVE-2019-9106 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/c...

How severe is CVE-2019-9106?

CVE-2019-9106 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-9106?

Check the references section above for vendor advisories and patch information. Affected products include: Saet Tebe Small Firmware, Saet Tebe Small, Saet Webapp.