Unauthenticated Password Change Vulnerability in TOTOLINK A3002RU Version 1.0.8
CVE-2018-13315 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
Learn more about our User Device Pen Test.