Vulnerability Details : CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.
Products affected by CVE-2018-13313
- cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-13313
- EPSS score: 0.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~52% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-13313
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
| 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-13313
- The product stores sensitive information without properly limiting read or write access by unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-13313
- https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154
  New Vulnerabilities in TOTOLINK A3002RU - Independent Security Evaluators (Exploit; Third Party Advisory)
- https://www.ise.io/casestudies/sohopelessly-broken-2-0/
  SOHOpelessly Broken 2.0 - Independent Security Evaluators (Third Party Advisory)