Vulnerabilities > CVE-2018-13862 - Unspecified vulnerability in Trivum Webtouch Setup V9 Firmware 2.53

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

trivum

exploit available

NVD

Published: 2018-07-17

Updated: 2019-10-03

Summary

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).

Vulnerable Configurations

Part	Description	Count
OS	Trivum Trivum Webtouch Setup V9 Firmware 2.53	1
Hardware	Trivum Trivum Webtouch Setup V9 -	1

Exploit-Db

description	Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass. CVE-2018-13862. Webapps exploit for Hardware platform. Tags: Authentication Bypass...
file	exploits/hardware/webapps/45063.txt
id	EDB-ID:45063
last seen	2018-07-24
modified	2018-07-20
platform	hardware
port
published	2018-07-20
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45063/
title	Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References