Lucene search
Luca.ChiouEXPLOITPACK:AF37509608F5AEEC4FB3AF4677AC0A01HistoryJun 03, 2019 - 12:00 a.m.
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control
2019-06-0300:00:00
Luca.Chiou
10
0.23 Low
EPSS
Percentile
96.6%
AUO Solar Data Recorder 1.3.0 - Incorrect Access Control
# Exploit Title: AUO Solar Data Recorder - Incorrect Access Control
# Date: 2019-04-16
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.auo.com/zh-TW
# Version: AUO Solar Data Recorder all versions prior to v1.3.0
# Tested on: It is a proprietary devices: https://solar.auo.com/en-global/Support_Download_Center/index
# CVE: CVE-2019-11367
# 1. Description:
# In AUO Solar Data Recorder web page, it's use HTTP Basic Access Authentication.
# Once user access the files which are under path http://<host>/protect/,
# the website will response the plaintext account and password in WWW-Authenticate attribute.
# Attackers is capable to login AUO Solar Data Recorder successfully.
# 2. Proof of Concept:
# Access the files which are under path http://<host>/protect/ of AUO Solar Data Recorder.
# The website use HTTP Basic Access Authentication,
# and response the plaintext account and password in WWW-Authenticate attribute.
# By using the account and password in HTTP response,
# anyone can login AUO Solar Data Recorder successfully.Related
exploitdb
exploitdb
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
2019-06-03 00:00:00
cvelist
cvelist
CVE-2019-11367
2019-06-03 20:16:01
nvd
nvd
CVE-2019-11367
2019-06-03 21:29:00
cve
cve
CVE-2019-11367
2019-06-03 21:29:00
packetstorm
packetstorm
AUO Solar Data Recorder Incorrect Access Control
2019-06-03 00:00:00
prion
prion
Hardcoded credentials
2019-06-03 21:29:00