QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9105

Published: May 31, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf

x_refsource_MISC

https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.