CVE-2018-13317

2018-11-2622:00:00

mitre

www.cve.org

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

43.2%

JSON

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

References

blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154