CVE-2019-9106

moderate-risk
Published 2019-05-31

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Tebe Small Firmware
Webapp

Affected Vendors

Saet

References (4)

Exploit https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Product https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Exploit https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Product https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 7/34 · Low