CVE-2019-16261

Sažetak

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.

Reference

https://blog.korelogic.com/blog/2019/08/19/unpatched_fringe_infrastructure_bits
https://gist.github.com/Shlucus/ab762d6b148f2d2d046c956526a80ddc
http://seclists.org/fulldisclosure/2025/Mar/1
https://blog.korelogic.com/blog/2019/08/19/unpatched_fringe_infrastructure_bits

CVSS

Base:	8.5
Impact:	7.8
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:C

Zadnje važnije ažuriranje

21-03-2025 - 14:15

Objavljeno

12-09-2019 - 15:15