CVE-2019-19228

Critical

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today…

mitre·CWE-312·Published 2019-12-04

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

183 chars

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

NVDen

183 chars

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Los dispositivos Fronius Solar Inverter versiones anteriores a la versión 3.14.1 (HM versión 1.12.1), permiten a atacantes omitir la autenticación porque la contraseña de la cuenta today es almacenada en el archivo /tmp/web_users.conf.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H