PT-2018-12228 · Trivum · Trivum Webtouch Setup V9

Vulnc0D3 · Published 2018-07-17 · Updated 2019-10-03 · CVE-2018-13861

CVSS v2.0

10 (Critical)

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Trivum WebTouch Setup V9 version 2.53 build 13163

Description

The issue allows unauthorized remote attackers to reboot or execute other functions. This can be achieved by accessing the "/xml/system/control.xml" URL using a GET request with parameters such as "?action=reboot".

Recommendations

For Trivum WebTouch Setup V9 version 2.53 build 13163, as a temporary workaround, consider restricting access to the "/xml/system/control.xml" URL to minimize the risk of exploitation. Avoid using the action parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
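
To check whether the workaround is holding, the following added example (not part of the original advisory or any Trivum code) scans reverse-proxy access logs for requests to the control URL from outside a management range. It assumes Common Log Format; the ADMIN_NETS range and the sample log lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import parse_qs, unquote

CONTROL_PATH = "/xml/system/control.xml"              # URL named in the advisory
ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # assumption: management hosts

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_admin(client, nets):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in nets)

def control_requests(lines, admin_nets=ADMIN_NETS):
    """Return a finding for each control-URL request from outside admin_nets."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue            # not an access-log line in the expected format
        client, when, method, target, status = m.groups()
        raw_path, _, query = target.partition("?")
        # Decode escapes, collapse repeated slashes and dot segments, and compare
        # case-insensitively so spelling variants of the path still match.
        path = posixpath.normpath(re.sub(r"/+", "/", unquote(raw_path))).lower()
        if path != CONTROL_PATH or is_admin(client, admin_nets):
            continue
        findings.append({"client": client, "time": when, "method": method,
                         "actions": parse_qs(query).get("action", []),
                         "served": status.startswith("2")})  # 2xx: device answered
    return findings

SAMPLE_LOG = [  # constructed log lines, documentation address ranges
    '198.51.100.7 - - [17/Jul/2018:10:01:02 +0000] "GET /xml/system/control.xml?action=reboot HTTP/1.1" 200 12',
    '192.0.2.5 - - [17/Jul/2018:10:02:00 +0000] "GET /xml/system/control.xml?action=reboot HTTP/1.1" 200 12',
    '198.51.100.9 - - [17/Jul/2018:10:03:00 +0000] "GET /XML/system/%63ontrol.xml?action=reboot HTTP/1.1" 200 12',
    '198.51.100.7 - - [17/Jul/2018:10:05:00 +0000] "GET /xml/system/control.xml?action=reboot HTTP/1.1" 403 0',
    '203.0.113.4 - - [17/Jul/2018:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in control_requests(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set to True means the request reached the device and was answered; once access to the URL is restricted, the same requests should appear only with a non-2xx status.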

Related Identifiers

CVE-2018-13861

Affected Products

Trivum Webtouch Setup V9