Vulnerabilities > CVE-2018-13858 - Unspecified vulnerability in Trivum C4 Professional Firmware 8.76

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
trivum
critical

Summary

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

Vulnerable Configurations

Part Description Count
OS
Trivum
1
Hardware
Trivum
1