Vulnerabilities > CVE-2018-13859 - Unspecified vulnerability in Trivum C4 Professional Firmware 8.76

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

trivum

exploit available

NVD

Published: 2018-07-17

Updated: 2019-10-03

Summary

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).

Vulnerable Configurations

Part	Description	Count
OS	Trivum Trivum C4 Professional Firmware 8.76	1
Hardware	Trivum Trivum C4 Professional -	1

Exploit-Db

description	Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass). CVE-2018-13859. Webapps exploit for Hardware platform. Tags: Cross-Site Request...
file	exploits/hardware/webapps/45088.txt
id	EDB-ID:45088
last seen	2018-07-30
modified	2018-07-26
platform	hardware
port	80
published	2018-07-26
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45088/
title	Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/148677/trivummst876-xsrf.txt
id	PACKETSTORM:148677
last seen	2018-07-31
published	2018-07-26
reporter	vulnc0d3c
source	https://packetstormsecurity.com/files/148677/Trivum-Multiroom-Setup-Tool-8.76-Cross-Site-Request-Forgery.html
title	Trivum Multiroom Setup Tool 8.76 Cross Site Request Forgery

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References