Vulnerability-Lookup

CVE-2018-13315 (GCVE-0-2018-13315)

Vulnerability from cvelistv5 – Published: 2018-11-26 22:00 – Updated: 2024-08-05 09:00

KEVIntel

Summary

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://blog.securityevaluators.com/new-vulnerabi…	x_refsource_MISC

Date Public

2018-11-07 00:00

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 2e5dc5c9-abb6-49ff-b8f6-5f976c7213f9

Vulnerability ID: CVE-2018-13315

Status: Confirmed

Status Updated: 2025-04-26 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-04-26

Asserted: 2025-04-26

Scope

Notes: KEVIntel entry: Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an... | Affected: TOTOLINK / A3002RU | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...
Vendor	TOTOLINK
Product	A3002RU
Added Date	2025-04-26T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-23 14:04 UTC | Updated: 2026-06-23 14:04 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:35.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-26T21:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154",
              "refsource": "MISC",
              "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13315",
    "datePublished": "2018-11-26T22:00:00.000Z",
    "dateReserved": "2018-07-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:00:35.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-13315",
      "date": "2026-06-23",
      "epss": "0.01555",
      "percentile": "0.71952"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3280CDA-877A-4BCE-9919-5A8D58D7EBFC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21945D3C-27AA-4614-8D5D-C22DE8C56F94\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request.\"}, {\"lang\": \"es\", \"value\": \"El control de acceso incorrecto en formPasswordSetup, en la versi\\u00f3n 1.0.8 de TOTOLINK A3002RU, permite a los atacantes cambiar la contrase\\u00f1a del usuario de administrador mediante una petici\\u00f3n POST no autenticada.\"}]",
      "id": "CVE-2018-13315",
      "lastModified": "2024-11-21T03:46:51.580",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-11-26T23:29:00.453",
      "references": "[{\"url\": \"https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-13315\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-11-26T23:29:00.453\",\"lastModified\":\"2024-11-21T03:46:51.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request.\"},{\"lang\":\"es\",\"value\":\"El control de acceso incorrecto en formPasswordSetup, en la versi\u00f3n 1.0.8 de TOTOLINK A3002RU, permite a los atacantes cambiar la contrase\u00f1a del usuario de administrador mediante una petici\u00f3n POST no autenticada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3280CDA-877A-4BCE-9919-5A8D58D7EBFC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21945D3C-27AA-4614-8D5D-C22DE8C56F94\"}]}]}],\"references\":[{\"url\":\"https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-08299

Vulnerability from cnvd - Published: 2019-03-28

Title

TOTOLINK A3002RU访问控制错误漏洞

Description

TOTOLINK A3002RU是一款AC1200无线双频千兆路由器。 TOTOLINK A3002RU 1.0.8版中的formPasswordSetup存在访问控制错误漏洞，攻击者可通过未认证的POST请求利用该漏洞更改管理员用户的密码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://totolink.net/home/menu/menu/menu_listtpl/prod/id/30.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-13315

Impacted products

Name
TOTOLINK A3002RU 1.0.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-13315"
    }
  },
  "description": "TOTOLINK A3002RU\u662f\u4e00\u6b3eAC1200\u65e0\u7ebf\u53cc\u9891\u5343\u5146\u8def\u7531\u5668\u3002\n\nTOTOLINK A3002RU 1.0.8\u7248\u4e2d\u7684formPasswordSetup\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u672a\u8ba4\u8bc1\u7684POST\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7ba1\u7406\u5458\u7528\u6237\u7684\u5bc6\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://totolink.net/home/menu/menu/menu_listtpl/prod/id/30.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-08299",
  "openTime": "2019-03-28",
  "products": {
    "product": "TOTOLINK A3002RU 1.0.8"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-13315",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-27",
  "title": "TOTOLINK A3002RU\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2018-13315

Vulnerability from fkie_nvd - Published: 2018-11-26 23:29 - Updated: 2026-06-17 01:39

KEVIntel

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

References

	URL	Tags
	cve@mitre.org	https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	totolink	a3002ru_firmware	1.0.8
	totolink	a3002ru	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3280CDA-877A-4BCE-9919-5A8D58D7EBFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21945D3C-27AA-4614-8D5D-C22DE8C56F94",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request."
    },
    {
      "lang": "es",
      "value": "El control de acceso incorrecto en formPasswordSetup, en la versi\u00f3n 1.0.8 de TOTOLINK A3002RU, permite a los atacantes cambiar la contrase\u00f1a del usuario de administrador mediante una petici\u00f3n POST no autenticada."
    }
  ],
  "id": "CVE-2018-13315",
  "lastModified": "2026-06-17T01:39:11.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-26T23:29:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VW86-C7PX-F6G6

Vulnerability from github – Published: 2022-05-14 01:46 – Updated: 2022-05-14 01:46

Details

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-13315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-26T23:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request.",
  "id": "GHSA-vw86-c7px-f6g6",
  "modified": "2022-05-14T01:46:46Z",
  "published": "2022-05-14T01:46:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13315"
    },
    {
      "type": "WEB",
      "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-13315

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Aliases

CVE-2018-13315

Aliases

CVE-2018-13315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-13315",
    "description": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request.",
    "id": "GSD-2018-13315"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-13315"
      ],
      "details": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request.",
      "id": "GSD-2018-13315",
      "modified": "2023-12-13T01:22:26.941657Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-13315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154",
            "refsource": "MISC",
            "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-12-20T15:54Z",
      "publishedDate": "2018-11-26T23:29Z"
    }
  }
}

VAR-201811-0128

Vulnerability from variot - Updated: 2023-12-18 13:38

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. TOTOLINK A3002RU Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TOTOLINKA3002RU is an AC1200 wireless dual-band Gigabit router. An access control error vulnerability exists in formPasswordSetup in TOTOLINKA3002RU version 1.0.8

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0128",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "a3002ru",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "totolink",
        "version": "1.0.8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:totolink:a3002ru_firmware:1.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      }
    ]
  },
  "cve": "CVE-2018-13315",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-13315",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-08299",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-123362",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-13315",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13315",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-08299",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-722",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123362",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user\u0027s password via an unauthenticated POST request. TOTOLINK A3002RU Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TOTOLINKA3002RU is an AC1200 wireless dual-band Gigabit router. An access control error vulnerability exists in formPasswordSetup in TOTOLINKA3002RU version 1.0.8",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13315",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "id": "VAR-201811-0128",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      }
    ],
    "trust": 1.17068965
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:38:26.892000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "A3002RU",
        "trust": 0.8,
        "url": "http://totolink.net/home/menu/newstpl/menu_newstpl/products/id/163.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13315"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13315"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "date": "2018-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "date": "2019-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "date": "2018-11-26T23:29:00.453000",
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "date": "2018-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123362"
      },
      {
        "date": "2019-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-012312"
      },
      {
        "date": "2018-12-20T15:54:56.367000",
        "db": "NVD",
        "id": "CVE-2018-13315"
      },
      {
        "date": "2022-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TOTOLINK A3002RU Access Control Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-722"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-13315 (GCVE-0-2018-13315)

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

CNVD-2019-08299

FKIE_CVE-2018-13315

GHSA-VW86-C7PX-F6G6

GSD-2018-13315

VAR-201811-0128

Tags

Sightings

Nomenclature