ID

VAR-201811-0128


CVE

CVE-2018-13315


TITLE

TOTOLINK A3002RU Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-08299 // CNNVD: CNNVD-201811-722

DESCRIPTION

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. TOTOLINK A3002RU contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The TOTOLINK A3002RU is an AC1200 wireless dual-band Gigabit router. An access control error vulnerability exists in formPasswordSetup in TOTOLINK A3002RU version 1.0.8.

Trust: 2.25

sources: NVD: CVE-2018-13315 // JVNDB: JVNDB-2018-012312 // CNVD: CNVD-2019-08299 // VULHUB: VHN-123362

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-08299

AFFECTED PRODUCTS

vendor: totolink, model: a3002ru, scope: eq, version: 1.0.8

Trust: 3.0

sources: CNVD: CNVD-2019-08299 // JVNDB: JVNDB-2018-012312 // CNNVD: CNNVD-201811-722 // NVD: CVE-2018-13315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13315
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-13315
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-08299
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-722
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123362
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13315
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123362
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13315
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-08299 // VULHUB: VHN-123362 // JVNDB: JVNDB-2018-012312 // CNNVD: CNNVD-201811-722 // NVD: CVE-2018-13315

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-123362 // JVNDB: JVNDB-2018-012312 // NVD: CVE-2018-13315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-722

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201811-722

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:totolink:a3002ru_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-012312

PATCH

title: A3002RU, url: http://totolink.net/home/menu/newstpl/menu_newstpl/products/id/163.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-012312

EXTERNAL IDS

db: NVD, id: CVE-2018-13315

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012312

Trust: 0.8

db: CNNVD, id: CNNVD-201811-722

Trust: 0.7

db: CNVD, id: CNVD-2019-08299

Trust: 0.6

db: VULHUB, id: VHN-123362

Trust: 0.1

sources: CNVD: CNVD-2019-08299 // VULHUB: VHN-123362 // JVNDB: JVNDB-2018-012312 // CNNVD: CNNVD-201811-722 // NVD: CVE-2018-13315

REFERENCES

url: https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-13315

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13315

Trust: 0.8

sources: CNVD: CNVD-2019-08299 // VULHUB: VHN-123362 // JVNDB: JVNDB-2018-012312 // CNNVD: CNNVD-201811-722 // NVD: CVE-2018-13315

SOURCES

db: CNVD, id: CNVD-2019-08299
db: VULHUB, id: VHN-123362
db: JVNDB, id: JVNDB-2018-012312
db: CNNVD, id: CNNVD-201811-722
db: NVD, id: CVE-2018-13315

LAST UPDATE DATE

2024-11-23T22:17:16.267000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-08299, date: 2019-03-28T00:00:00
db: VULHUB, id: VHN-123362, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012312, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-722, date: 2022-03-24T00:00:00
db: NVD, id: CVE-2018-13315, date: 2024-11-21T03:46:51.580

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-08299, date: 2019-03-28T00:00:00
db: VULHUB, id: VHN-123362, date: 2018-11-26T00:00:00
db: JVNDB, id: JVNDB-2018-012312, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-722, date: 2018-11-27T00:00:00
db: NVD, id: CVE-2018-13315, date: 2018-11-26T23:29:00.453