CVE-2019-16261

Name of the Vulnerable Software and Affected Versions Tripp Lite PDUMH15AT version 12.04.0053

Description The issue allows unauthenticated POST requests to the "/Forms/" directory. This can be exploited to change the manager or admin password, or to shut off power to an outlet.

Recommendations For version 12.04.0053, update to a newer firmware version to resolve the issue. As a temporary workaround, consider restricting access to the "/Forms/" directory to prevent unauthenticated POST requests. Avoid using the device until the update is applied to minimize the risk of exploitation.