Description
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
References (3)
Core References
https://seclists.org/bugtraq/2019/Dec/5 (Exploit, Mailing List, Third Party Advisory; x_refsource_misc)
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/ (Exploit, Third Party Advisory; x_refsource_misc)
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html (Exploit, Third Party Advisory, VDB Entry; x_refsource_misc)
Scores
CVSS v3: 6.5
EPSS: 0.0231
EPSS Percentile: 81.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (50)
fronius/datamanager_box_2.0_firmware < 3.14.1
fronius/eco_25.0-3-s_firmware < 3.14.1
fronius/eco_27.0-3-s_firmware < 3.14.1
fronius/galvo_1.5-1_208-240_firmware < 3.14.1
fronius/galvo_1.5-1_firmware < 3.14.1
fronius/galvo_2.0-1_208-240_firmware < 3.14.1
fronius/galvo_2.0-1_firmware < 3.14.1
fronius/galvo_2.5-1_208-240_firmware < 3.14.1
fronius/galvo_2.5-1_firmware < 3.14.1
fronius/galvo_3.0-1_firmware < 3.14.1
... and 40 more
Published: Dec 04, 2019
Tracked Since: Feb 18, 2026