2 matches found
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware,...
CVE-2018-13859
CVE-2018-13859 affects MusicCenter / Trivum Multiroom Setup Tool V8.76 (SNR 8604.26) and C4 Professional prior to V9.34 build 13381. The root cause is an unauthorized reset of authentication via the GET endpoint /xml/system/setAttribute.xml with id=0&attr=protectAccess&newValue=0, allowing attack...