CVE-2018-13315 — Improper Input Validation in A3002ru Firmware
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 26
Latest updateMay 14
Description
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9