CVE-2012-5864

Sinapsitech Sinapsi Firmware < 2.0.2870 - Authentication Bypass

Title source: rule

Description

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.

Exploits (1)

exploitdb WRITEUP

by Roberto Paleari · textwebappsphp

https://www.exploit-db.com/exploits/21273

View Code ZIP pw:eip

References (7)

Core 7

Core References

US Government Resource

http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01

Third Party Advisory, VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/80203

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/21273/

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/80200

Various Sources x_refsource_confirm

http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88

Scores

EPSS 0.1826

EPSS Percentile 95.2%

Details

CWE

CWE-264 CWE-287

Status published

Products (7)

Sinapsi/eSolar < 2.0.2870_xxx_2.2.12

Sinapsi/eSolar DUO < 2.0.2870_xxx_2.2.12

Sinapsi/eSolar Light < 2.0.2870_xxx_2.2.12

sinapsitech/esolar_duo_photovoltaic_system_monitor

sinapsitech/esolar_light_photovoltaic_system_monitor

sinapsitech/esolar_photovoltaic_system_monitor

sinapsitech/sinapsi_firmware < 2.0.2870

Published Nov 23, 2012

Tracked Since Feb 18, 2026