CVE-2018-13859
Last modified
CVE-2018-13859 is a vulnerability of currently unknown severity. MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).. EPSS estimates a 17.87% chance of exploitation in the next 30 days.
Description
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trivum | C4 Professional Firmware | 8.76 |
References
- http://update.trivum.com/update/v9-changes.htmlVendor Advisory
- https://vulncode.com/advisory/CVE-2018-13859Third Party Advisory
- https://www.exploit-db.com/exploits/45088/Exploit, Third Party Advisory, VDB Entry
- http://update.trivum.com/update/v9-changes.htmlVendor Advisory
- https://vulncode.com/advisory/CVE-2018-13859Third Party Advisory
- https://www.exploit-db.com/exploits/45088/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-13859?
How severe is CVE-2018-13859?
How do I fix CVE-2018-13859?
Are you affected by CVE-2018-13859?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST