CVE-2019-9106

CRITICAL

SAET TEBE Small Firmware WebApp v04.68 - Path Traversal and Local File Inclusion via Menu Parameter

Title source: llm
STIX 2.1

Description

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

References (2)

Core 2
Core References

Scores

CVSS v3 9.8
EPSS 0.0279
EPSS Percentile 84.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
saet/tebe_small_firmware 05.01 1137
saet/webapp 04.68
Published May 31, 2019
Tracked Since Feb 18, 2026