PT-2018-12224 · Sony · Musiccenter / Trivum Multiroom Setup Tool

Vulnc0D3

Published

2018-07-17

Updated

2019-10-03

CVE-2018-13858

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MusicCenter / Trivum Multiroom Setup Tool version 8.76

Description The issue allows unauthorized remote attackers to reboot or execute other functions. This can be achieved via the "/xml/system/control.xml" API endpoint, using the GET request with the action variable set to reboot, for example, "?action=reboot".

Recommendations For MusicCenter / Trivum Multiroom Setup Tool version 8.76, as a temporary workaround, consider restricting access to the "/xml/system/control.xml" API endpoint to minimize the risk of exploitation. Avoid using the action variable in the affected API endpoint until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-13858

Affected Products

Musiccenter / Trivum Multiroom Setup Tool

PT-2018-12224 · Sony · Musiccenter / Trivum Multiroom Setup Tool

CVE-2018-13858

Related Identifiers

Affected Products

References · 3