Unauthenticated Password Change Vulnerability in TOTOLINK A3002RU Version 1.0.8

Unauthenticated Password Change Vulnerability in TOTOLINK A3002RU Version 1.0.8

CVE-2018-13315 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Learn more about our User Device Pen Test.