PT-2019-14604 · Tripplite · Pdumh15At

Jim Becher

Published

2019-09-12

Updated

2025-03-21

CVE-2019-16261

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tripp Lite PDUMH15AT version 12.04.0053

Description The issue allows unauthenticated POST requests to the "/Forms/" directory. This can be exploited to change the manager or admin password, or to shut off power to an outlet.

Recommendations For version 12.04.0053, update to a newer firmware version to resolve the issue. As a temporary workaround, consider restricting access to the "/Forms/" directory to prevent unauthenticated POST requests. Avoid using the device until the update is applied to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-16261

Affected Products

Pdumh15At

PT-2019-14604 · Tripplite · Pdumh15At

CVE-2019-16261

Weakness Enumeration

Related Identifiers

Affected Products

References · 7