CVE-2019-11367
Description
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can log in successfully.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AUO Solar Data Recorder before 1.3.0 exposes HTTP Basic Auth credentials in the WWW-Authenticate header, allowing anyone to log in.
Vulnerability
The AUO Solar Data Recorder web portal prior to version 1.3.0 uses HTTP Basic Authentication and inadvertently includes the account and password in the WWW-Authenticate attribute of the HTTP response. This allows anyone who receives the response to obtain valid credentials. [1]
Exploitation
An attacker can intercept the HTTP response from the web portal or simply view the WWW-Authenticate header to extract the base64-encoded credentials. Decoding these credentials provides the plaintext username and password, which can then be used to authenticate to the web portal without any prior access. [1]
Impact
Successful exploitation grants an attacker full access to the Solar Data Recorder web interface. This could allow unauthorized viewing of solar data, modification of recorder settings, or further compromise of the device.
Mitigation
The issue is fixed in version 1.3.0 of the AUO Solar Data Recorder. Users should upgrade to this version or later. No workaround is available for earlier versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- AUO/Solar Data Recorder
  - Range: <1.3.0
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153151/AUO-Solar-Data-Recorder-Incorrect-Access-Control.html (mitre, x_refsource_MISC)
- drive.google.com/file/d/1H1L5s14Omnx1eJAdRlRninnqUKLJ_xDA/view (mitre, x_refsource_MISC)
- github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11367 (mitre, x_refsource_MISC)