CVE-2019-9105
HIGH
SAET TEBE Small Firmware WebApp v04.68 - Unauthenticated API Access via REST_API.php
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call.
References (2)
Product, Vendor Advisory x_refsource_misc
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Exploit, Third Party Advisory x_refsource_misc
https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Scores
CVSS v3: 7.5
EPSS: 0.0240
EPSS Percentile: 81.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-306
Status: published
Products (2)
saet/tebe_small_firmware: 05.01 1137
saet/webapp: 04.68
Published: May 31, 2019
Tracked Since: Feb 18, 2026