PT-2018-11740 · Totolink · Totolink A3002Ru
Publicado
2018-11-26
·
Atualizado
2018-12-20
·
CVE-2018-13317
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A3002RU version 1.0.8
Description
The issue allows attackers to obtain the plaintext password for the admin user by making a GET request for "password.htm". This affects the security of the device as it potentially exposes the admin credentials.
Recommendations
For TOTOLINK A3002RU version 1.0.8, consider restricting access to the "password.htm" file until a patch is available. Avoid using the default admin credentials and change them as soon as possible to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Totolink A3002Ru