CVE-2018-13313
Summary
| CVE | CVE-2018-13313 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-24 19:15:00 UTC |
| Updated | 2020-03-04 22:06:00 UTC |
| Description | In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. |
Risk And Classification
Problem Types: CWE-922
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Totolink | A3002ru | - | All | All | All |
| Operating System | Totolink | A3002ru Firmware | 1.0.8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SOHOpelessly Broken 2.0 - Independent Security Evaluators | MISC | www.ise.io | Third Party Advisory |
| New Vulnerabilities in TOTOLINK A3002RU – Independent Security Evaluators | MISC | blog.securityevaluators.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.