4 matches found
CVE-2018-13313
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...
CVE-2018-13313
creationtimestamp| type| source ---|---|--- 2025-02-27 17:30:25+00:00| seen| https://infosec.exchange/users/iagox86/statuses/114077035740917101...
CVE-2018-13313 Admin Password returned in password.htm
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript...
CVE-2018-13313
CVE-2018-13313 affects TOTOLINK A3002RU (firmware 1.0.8). The password.htm page uses JavaScript that confirms knowledge of the current password, but the script transmits the user’s current password in plaintext, creating a confidentiality risk for users of the router. The connected documents cons...