← Volver a CVEs
CVE-2018-13313
MEDIUM6.5
Descripcion
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/24/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
totolink:a3002rutotolink:a3002ru_firmware
Debilidades (CWE)
CWE-922
Referencias
https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154(cve@mitre.org)
https://www.ise.io/casestudies/sohopelessly-broken-2-0/(cve@mitre.org)
https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154(af854a3a-2127-422b-91ae-364da2661108)
https://www.ise.io/casestudies/sohopelessly-broken-2-0/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.