CVE-2019-16261
CRITICAL
Tripp Lite PDUMH15AT and SU750XL <12.04.0053 <12.04.0052 - Unauthenticated Password Change and Power Control
Title source: llm
Description
Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053.
References (3)
Core References
Exploit, Third Party Advisory
https://blog.korelogic.com/blog/2019/08/19/unpatched_fringe_infrastructure_bits
Various Sources
https://gist.github.com/Shlucus/ab762d6b148f2d2d046c956526a80ddc
Mailing List
http://seclists.org/fulldisclosure/2025/Mar/1
Scores
CVSS v3
9.1
EPSS
0.0276
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
tripplite/pdumh15at_firmware
12.04.0053
Published
Sep 12, 2019
Tracked Since
Feb 18, 2026