← back
CVE-2018-13859

CVE-2018-13859

EPSS 17.9%
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45088/unverifiedexploitdbwww.exploit-db.com/exploits/45088unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vulncode.com/advisory/CVE-2018-13859https://www.exploit-db.com/exploits/45088/http://update.trivum.com/update/v9-changes.html