CVE-2019-11367

Published: Jun 3, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully.

Affected (1)

Products: Auo: Solar Data Recorder

1 product

Solar Data Recorder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Auo Solar Data Recorder	Before 1.3.0

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Access-Control.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Access-Control.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.