PT-2018-11736 · Totolink · Totolink A3002Ru

Published

2018-11-26

Updated

2018-12-19

CVE-2018-13312

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU version 1.0.8

Description The issue allows attackers to execute arbitrary JavaScript by modifying the Input your notice URL field in notice gen.htm, potentially leading to cross-site scripting.

Recommendations For TOTOLINK A3002RU version 1.0.8, consider restricting access to the notice gen.htm page until a fix is available, and avoid using the Input your notice URL field to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-13312

Affected Products

Totolink A3002Ru

PT-2018-11736 · Totolink · Totolink A3002Ru

CVE-2018-13312

Weakness Enumeration

Related Identifiers

Affected Products

References · 3