PT-2018-12229 · Trivum · Trivum Webtouch Setup V9

Vulnc0D3 · Published 2018-07-17 · Updated 2019-10-03 · CVE-2018-13862

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trivum WebTouch Setup V9 version 2.53 build 13163

Description

The issue allows unauthorized remote attackers to reset authentication settings, enabling them to log in without authorization. This can be achieved by sending a GET request to the "/xml/system/setAttribute.xml" URL with the parameters id=0, attr=protectAccess, and newValue=0.

Recommendations

For Trivum WebTouch Setup V9 version 2.53 build 13163, as a temporary workaround, consider restricting access to the "/xml/system/setAttribute.xml" URL to minimize the risk of exploitation. Avoid using the id, attr, and newValue parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
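
To check whether the request described above has already reached a device, the following added example (not part of the original advisory or of any Trivum tooling) scans access logs from the device or a reverse proxy in front of it. It assumes common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the advisory, lower-cased for comparison.
ENDPOINT = "/xml/system/setattribute.xml"

# Request line inside a common/combined-format log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify(line):
    """Return 'auth-reset', 'endpoint-access' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode percent-escapes and fold case so equivalent spellings still match.
    if unquote(parts.path).lower() != ENDPOINT:
        return None
    # parse_qs decodes values and is independent of parameter order.
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    attrs = [v.lower() for v in params.get("attr", [])]
    if "protectaccess" in attrs and "0" in params.get("newvalue", []):
        return "auth-reset"       # the settings change the advisory describes
    return "endpoint-access"      # any other call to the same endpoint


def scan(lines):
    """Yield (client_ip, verdict, line) for every line that touches the endpoint."""
    for line in lines:
        verdict = classify(line)
        if verdict:
            yield line.split(" ", 1)[0], verdict, line


# Constructed sample lines using documentation IP ranges, not real traffic.
# "exampleAttr" is a placeholder attribute name, not taken from the product.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Jul/2018:10:00:05 +0000] "GET /xml/system/setAttribute.xml?id=0&attr=protectAccess&newValue=0 HTTP/1.1" 200 64',
    '198.51.100.7 - - [17/Jul/2018:10:00:09 +0000] "GET /xml/system/setAttribute.xml?newValue=0&attr=protectAccess&id=0 HTTP/1.1" 200 64',
    '203.0.113.4 - - [17/Jul/2018:10:01:00 +0000] "GET /xml/system/setAttribute.xml?id=0&attr=exampleAttr&newValue=1 HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, verdict, _ in scan(SAMPLE_LOG):
        print(f"{verdict:16} from {ip}")
```

An "auth-reset" hit from an address outside the administration network means the device's access protection setting should be re-checked; "endpoint-access" hits show who else is reaching the endpoint the workaround is meant to restrict.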


Related identifiers

CVE-2018-13862

Affected products

Trivum Webtouch Setup V9