CVE-2019-7666

HIGH

Prima Systems FlexAir <2.3.38 - Auth Bypass

Title source: llm

Description

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonwebappshardware

https://www.exploit-db.com/exploits/47644

View Code ZIP pw:eip

References (4)

[Third Party Advisory] https://applied-risk.com/labs/advisories

[Third Party Advisory] https://www.applied-risk.com/resources/ar-2019-007

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-19-211-02

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html

Scores

CVSS v3 8.8

EPSS 0.1984

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

primasystems/flexair < 2.3.38

Published Jul 01, 2019

Tracked Since Feb 18, 2026