PT-2018-12224 · Sony · Musiccenter / Trivum Multiroom Setup Tool

Vulnc0D3

Publicado

2018-07-17

Atualizado

2019-10-03

CVE-2018-13858

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MusicCenter / Trivum Multiroom Setup Tool version 8.76

Description The issue allows unauthorized remote attackers to reboot or execute other functions. This can be achieved via the "/xml/system/control.xml" API endpoint, using the GET request with the action variable set to reboot, for example, "?action=reboot".

Recommendations For MusicCenter / Trivum Multiroom Setup Tool version 8.76, as a temporary workaround, consider restricting access to the "/xml/system/control.xml" API endpoint to minimize the risk of exploitation. Avoid using the action variable in the affected API endpoint until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-13858

Produtos afetados

Musiccenter / Trivum Multiroom Setup Tool

PT-2018-12224 · Sony · Musiccenter / Trivum Multiroom Setup Tool

CVE-2018-13858

Identificadores relacionados

Produtos afetados

Referências · 3