Sign-up

ID

VAR-201807-0806


CVE

CVE-2018-13860


TITLE

MusicCenter / Trivum Multiroom Setup tool C4 Professional Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-008216

DESCRIPTION

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players)

Trust: 1.71

sources: NVD: CVE-2018-13860 // JVNDB: JVNDB-2018-008216 // VULHUB: VHN-123962

AFFECTED PRODUCTS

vendor:trivummodel:c4 professionalscope:eqversion:8.76

Trust: 1.6

vendor:triviummodel:c4 professionalscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-008216 // CNNVD: CNNVD-201807-1264 // NVD: CVE-2018-13860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13860
value: HIGH

Trust: 1.0

NVD: CVE-2018-13860
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123962
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123962
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13860
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123962 // JVNDB: JVNDB-2018-008216 // CNNVD: CNNVD-201807-1264 // NVD: CVE-2018-13860

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123962 // JVNDB: JVNDB-2018-008216 // NVD: CVE-2018-13860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1264

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-1264

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008216

PATCH
title:Change Notesurl:http://update.trivum.com/update/v9-changes.html
Trust: 0.8
title:MusicCenter/Trivum Multiroom Setup Tool Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84062
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008216 // 
            
            
            
            CNNVD: CNNVD-201807-1264

EXTERNAL IDS
db:NVDid:CVE-2018-13860
Trust: 2.5
db:JVNDBid:JVNDB-2018-008216
Trust: 0.8
db:CNNVDid:CNNVD-201807-1264
Trust: 0.7
db:VULHUBid:VHN-123962
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123962 // 
            
            
            
            JVNDB: JVNDB-2018-008216 // 
            
            
            
            CNNVD: CNNVD-201807-1264 // 
            
            
            
            NVD: CVE-2018-13860

REFERENCES
url:http://update.trivum.com/update/v9-changes.html
Trust: 1.7
url:https://vulncode.com/advisory/cve-2018-13860
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13860
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13860
Trust: 0.8
sources:
            
            
            VULHUB: VHN-123962 // 
            
            
            
            JVNDB: JVNDB-2018-008216 // 
            
            
            
            CNNVD: CNNVD-201807-1264 // 
            
            
            
            NVD: CVE-2018-13860

SOURCES
db:VULHUBid:VHN-123962
db:JVNDBid:JVNDB-2018-008216
db:CNNVDid:CNNVD-201807-1264
db:NVDid:CVE-2018-13860

LAST UPDATE DATE
2024-11-23T23:12:05.755000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123962date:2018-09-17T00:00:00
db:JVNDBid:JVNDB-2018-008216date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1264date:2018-08-17T00:00:00
db:NVDid:CVE-2018-13860date:2024-11-21T03:48:12.103

SOURCES RELEASE DATE
db:VULHUBid:VHN-123962date:2018-07-17T00:00:00
db:JVNDBid:JVNDB-2018-008216date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1264date:2018-07-17T00:00:00
db:NVDid:CVE-2018-13860date:2018-07-17T14:29:00.360