ID

VAR-201909-0565


CVE

CVE-2019-16261


TITLE

Authentication vulnerability in Tripp Lite PDUMH15AT devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-009338

DESCRIPTION

Tripp Lite PDUMH15AT 12.04.0053 and SU750XL 12.04.0052 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. NOTE: the vendor's position is that a newer firmware version, fixing this vulnerability, had already been released before this vulnerability report about 12.04.0053. The Tripp Lite PDUMH15AT device contains an authentication vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Tripp Lite PDUMH15AT is a metered PDU (Power Distribution Unit) device from Tripp Lite in the United States. An authorization issue vulnerability exists in Tripp Lite PDUMH15AT version 12.04.0053. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.

Trust: 1.71

sources: NVD: CVE-2019-16261 // JVNDB: JVNDB-2019-009338 // VULHUB: VHN-148390

AFFECTED PRODUCTS

vendor: tripplite, model: pdumh15at, scope: eq, version: 12.04.0053

Trust: 1.6

vendor: tripp lite, model: pdumh15at, scope: eq, version: 12.04.0053

Trust: 0.8

vendor: tripplite, model: pdumh15at, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-009338 // CNNVD: CNNVD-201909-642 // NVD: CVE-2019-16261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16261
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16261
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-642
value: CRITICAL

Trust: 0.6

VULHUB: VHN-148390
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-16261
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148390
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16261
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-16261
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148390 // JVNDB: JVNDB-2019-009338 // CNNVD: CNNVD-201909-642 // NVD: CVE-2019-16261

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-148390 // JVNDB: JVNDB-2019-009338 // NVD: CVE-2019-16261

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-642

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009338

PATCH

title: Top Page, url: https://www.tripplite.com/

Trust: 0.8

title: Tripp Lite PDUMH15AT Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98221

Trust: 0.6

sources: JVNDB: JVNDB-2019-009338 // CNNVD: CNNVD-201909-642

EXTERNAL IDS

db: NVD, id: CVE-2019-16261

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009338

Trust: 0.8

db: CNNVD, id: CNNVD-201909-642

Trust: 0.7

db: VULHUB, id: VHN-148390

Trust: 0.1

sources: VULHUB: VHN-148390 // JVNDB: JVNDB-2019-009338 // CNNVD: CNNVD-201909-642 // NVD: CVE-2019-16261

REFERENCES

url: https://blog.korelogic.com/blog/2019/08/19/unpatched_fringe_infrastructure_bits

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-16261

Trust: 1.4

url: http://seclists.org/fulldisclosure/2025/mar/1

Trust: 1.0

url: https://gist.github.com/shlucus/ab762d6b148f2d2d046c956526a80ddc

Trust: 1.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16261

Trust: 0.8

sources: VULHUB: VHN-148390 // JVNDB: JVNDB-2019-009338 // CNNVD: CNNVD-201909-642 // NVD: CVE-2019-16261

SOURCES

db: VULHUB, id: VHN-148390
db: JVNDB, id: JVNDB-2019-009338
db: CNNVD, id: CNNVD-201909-642
db: NVD, id: CVE-2019-16261

LAST UPDATE DATE

2025-03-21T23:29:52.282000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148390, date: 2019-09-13T00:00:00
db: JVNDB, id: JVNDB-2019-009338, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-642, date: 2019-09-18T00:00:00
db: NVD, id: CVE-2019-16261, date: 2025-03-21T14:15:13.737

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148390, date: 2019-09-12T00:00:00
db: JVNDB, id: JVNDB-2019-009338, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-642, date: 2019-09-12T00:00:00
db: NVD, id: CVE-2019-16261, date: 2019-09-12T15:15:11.157