exploitDog

GHSA-vw86-c7px-f6g6

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

Ссылки

EPSS

Процентиль: 72%

0.00737

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-13315

CVSS3: 9.8

nvd

около 7 лет назад

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.

EPSS

Процентиль: 72%

0.00737

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-20