Vulnerabilities > CVE-2018-13858 - Unspecified vulnerability in Trivum C4 Professional Firmware 8.76

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trivum

critical

NVD

Published: 2018-07-17

Updated: 2024-11-21

Summary

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

Vulnerable Configurations

Part	Description	Count
OS	Trivum Trivum C4 Professional Firmware 8.76	1
Hardware	Trivum Trivum C4 Professional -	1

References

https://vulncode.com/advisory/CVE-2018-13858
https://vulncode.com/advisory/CVE-2018-13858