Vulnc0D3

**Name of the Vulnerable Software and Affected Versions** Wi2be SMART HP WMT version 1.2.20 201400922 **Description** The issue allows unauthorized remote attackers to backup the device configuration. This is achieved by sending a direct request to the "/Maintenance/configfile.cfg" API endpoint. **Recommendations** For version 1.2.20 201400922, consider restricting access to the "/Maintenance/configfile.cfg" API endpoint to prevent unauthorized configuration backups until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wi2be SMART HP WMT version 1.2.20 201400922 **Description** The issue allows unauthorized remote attackers to reset the admin password via the "ConfigWizard/ChangePwd.esp?2admin" API endpoint. After a successful attack, attackers can login using the `username` "admin" with `password` "admin". **Recommendations** For version 1.2.20 201400922, as a temporary workaround, consider restricting access to the "ConfigWizard/ChangePwd.esp?2admin" API endpoint until a patch is available. Avoid using the default "admin" `username` and `password` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wi2be SMART HP WMT version 1.2.20 201400922 **Description** The issue allows unauthorized remote attackers to obtain sensitive information. This is achieved via the "Status/SystemStatusRpm.esp" API endpoint. **Recommendations** For version 1.2.20 201400922, consider restricting access to the "/Status/SystemStatusRpm.esp" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trivum WebTouch Setup V9 version 2.53 build 13163 **Description** The issue allows unauthorized remote attackers to reboot or execute other functions. This can be achieved by accessing the "/xml/system/control.xml" URL using a GET request with parameters such as "?action=reboot". **Recommendations** For Trivum WebTouch Setup V9 version 2.53 build 13163, as a temporary workaround, consider restricting access to the "/xml/system/control.xml" URL to minimize the risk of exploitation. Avoid using the `action` parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MusicCenter / Trivum Multiroom Setup Tool version 8.76 **Description** The issue allows unauthorized remote attackers to reboot or execute other functions. This can be achieved via the "/xml/system/control.xml" API endpoint, using the GET request with the `action` variable set to `reboot`, for example, "?action=reboot". **Recommendations** For MusicCenter / Trivum Multiroom Setup Tool version 8.76, as a temporary workaround, consider restricting access to the "/xml/system/control.xml" API endpoint to minimize the risk of exploitation. Avoid using the `action` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Trivum WebTouch Setup V9 version 2.53 build 13163 **Description** The issue allows unauthorized remote attackers to reset authentication settings, enabling them to login without authorization. This can be achieved by sending a GET request to the "/xml/system/setAttribute.xml" URL with the parameters `id=0`, `attr=protectAccess`, and `newValue=0`. **Recommendations** For Trivum WebTouch Setup V9 version 2.53 build 13163, as a temporary workaround, consider restricting access to the "/xml/system/setAttribute.xml" URL to minimize the risk of exploitation. Avoid using the `id`, `attr`, and `newValue` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MusicCenter / Trivum Multiroom Setup Tool versions prior to V9.34 build 13381 **Description** The issue allows unauthorized remote attackers to reset authentication via the "/xml/system/setAttribute.xml" API endpoint, using a GET request with parameters `id=0`, `attr=protectAccess`, and `newValue=0`. A successful attack enables attackers to login without authorization. **Recommendations** For versions prior to V9.34 build 13381, update to version V9.34 build 13381 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/xml/system/setAttribute.xml" API endpoint to minimize the risk of exploitation. Avoid using the `id`, `attr`, and `newValue` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MusicCenter / Trivum Multiroom Setup Tool versions prior to V9.34 build 13381 **Description** The issue allows unauthorized remote attackers to obtain sensitive information. This can be achieved via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id= 0" or "?oid=systemUsers&id= 0" GET request. **Recommendations** For versions prior to V9.34 build 13381, update to version V9.34 build 13381 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/xml/menu/getObjectEditor.xml" URL to minimize the risk of exploitation. Avoid using the `oid` and `id` parameters in the affected API endpoint until the issue is resolved.