Password Disclosure Vulnerability in TOTOLINK A3002RU Version 1.0.8

Password Disclosure Vulnerability in TOTOLINK A3002RU Version 1.0.8

CVE-2018-13317 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

Learn more about our User Device Pen Test.