Skip to main content

Primo 11 4 1 208 240 Firmware

2 CVEs product

Monthly

CVE-2019-19229 MEDIUM POC This Month

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware Eco 27 0 3 S Firmware Galvo 1 5 1 Firmware +62
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-19228 CRITICAL POC Act Now

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware Eco 27 0 3 S Firmware Galvo 1 5 1 Firmware +62
NVD
CVSS 3.1
9.8
EPSS
1.9%
EPSS 2% CVSS 6.5
MEDIUM POC This Month

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware +64
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Datamanager Box 2 0 Firmware Eco 25 0 3 S Firmware +64
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy