CVE-2018-13313
MEDIUM 6.5
Description
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.
CVE Details
CVSS v3.1 Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 2/24/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
totolink:a3002ru
totolink:a3002ru_firmware
Weaknesses (CWE)
CWE-922
References
https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154 (cve@mitre.org)
https://www.ise.io/casestudies/sohopelessly-broken-2-0/ (cve@mitre.org)
https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154 (af854a3a-2127-422b-91ae-364da2661108)
https://www.ise.io/casestudies/sohopelessly-broken-2-0/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.