cbcvebase.
CVE-2018-13315
published 2018-11-26

CVE-2018-13315: Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Affected

1 ranges
VendorProductVersion rangeFixed in
totolinka3002ru_firmware

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL