CVE-2019-9106
CRITICALSAET TEBE Small Firmware WebApp v04.68 - Path Traversal and Local File Inclusion via Menu Parameter
Title source: llmDescription
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Exploit, Third Party Advisory x_refsource_misc
https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Scores
CVSS v3
9.8
EPSS
0.0279
EPSS Percentile
84.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
saet/tebe_small_firmware
05.01 1137
saet/webapp
04.68
Published
May 31, 2019
Tracked Since
Feb 18, 2026