Unauthorized Remote Reboot and Function Execution in Touchpad / Trivum WebTouch Setup V9 V2.53

Unauthorized Remote Reboot and Function Execution in Touchpad / Trivum WebTouch Setup V9 V2.53

CVE-2018-13861 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

Learn more about our Web App Pen Testing.