← back
CVE-2018-13862

CVE-2018-13862

EPSS 50.6%
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45063/unverifiedexploitdbwww.exploit-db.com/exploits/45063unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vulncode.com/advisory/CVE-2018-13862https://www.exploit-db.com/exploits/45063/http://update.trivum.com/update/tp9-changes.html