CVE-2018-13315

Published: Nov 26, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Affected (1)

Products: Totolink: A3002ru Firmware

Totolink

1 product

A3002ru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002ru Firmware	Version 1.0.8

Running on/with	Platform Versions
Totolink A3002ru	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.