Lucene search

CVE-2018-13859

🗓️ 17 Jul 2018 14:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

CVE-2018-13859 MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote access

Reporter	Title	Published	Views	Family All 7
0day.today	Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) Vulnerability	26 Jul 201800:00	–	zdt
Packet Storm	Trivum Multiroom Setup Tool 8.76 Cross Site Request Forgery	26 Jul 201800:00	–	packetstorm
NVD	CVE-2018-13859	17 Jul 201814:29	–	nvd
Prion	Authorization	17 Jul 201814:29	–	prion
Exploit DB	Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)	26 Jul 201800:00	–	exploitdb
exploitpack	Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)	26 Jul 201800:00	–	exploitpack
Cvelist	CVE-2018-13859	17 Jul 201814:00	–	cvelist

Nvd

Node

trivum c4_professional_firmwareMatch8.76

AND

trivum c4_professionalMatch-

Source	Link
update	www.update.trivum.com/update/v9-changes.html
exploit-db	www.exploit-db.com/exploits/45088/
vulncode	www.vulncode.com/advisory/CVE-2018-13859

Parameter	Position	Path	Description	CWE
id	query param	/xml/system/setAttribute.xml	Unauthorized remote attackers can reset authentication allowing login without authorization.	CWE-287
attr	query param	/xml/system/setAttribute.xml	Unauthorized remote attackers can reset authentication allowing login without authorization.	CWE-287
newValue	query param	/xml/system/setAttribute.xml	Unauthorized remote attackers can reset authentication allowing login without authorization.	CWE-287

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Jul 2018 14:29Current

9.5High risk

Vulners AI Score9.5

CVSS27.5

CVSS39.8

EPSS0.05192