Sign-up

ID

VAR-201807-0808


CVE

CVE-2018-13862


TITLE

Touchpad / Trivum WebTouch Setup V9 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008218

DESCRIPTION

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). Touchpad / Trivum WebTouch Setup V9 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Touchpad/Trivum WebTouch Setup is a tool for installing and setting up a touch screen control device for a streaming media source (music player). There is a security vulnerability in Touchpad/Trivum WebTouch Setup V9 2.53 build 13163

Trust: 1.71

sources: NVD: CVE-2018-13862 // JVNDB: JVNDB-2018-008218 // VULHUB: VHN-123964

AFFECTED PRODUCTS

vendor:trivummodel:webtouch setup v9scope:eqversion:2.53

Trust: 1.6

vendor:triviummodel:webtouch setup v9scope:eqversion:2.53 build 13163 of apr 6 2018 09:10:14 (fw 303)

Trust: 0.8

sources: JVNDB: JVNDB-2018-008218 // CNNVD: CNNVD-201807-1262 // NVD: CVE-2018-13862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13862
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-13862
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1262
value: CRITICAL

Trust: 0.6

VULHUB: VHN-123964
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-13862
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123964
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13862
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123964 // JVNDB: JVNDB-2018-008218 // CNNVD: CNNVD-201807-1262 // NVD: CVE-2018-13862

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-123964 // JVNDB: JVNDB-2018-008218 // NVD: CVE-2018-13862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1262

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1262

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008218

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-123964

PATCH
title:Change Notesurl:http://update.trivum.com/update/tp9-changes.html
Trust: 0.8
title:Touchpad/Trivum WebTouch Setup Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84063
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008218 // 
            
            
            
            CNNVD: CNNVD-201807-1262

EXTERNAL IDS
db:NVDid:CVE-2018-13862
Trust: 2.5
db:EXPLOIT-DBid:45063
Trust: 1.7
db:JVNDBid:JVNDB-2018-008218
Trust: 0.8
db:CNNVDid:CNNVD-201807-1262
Trust: 0.7
db:VULHUBid:VHN-123964
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123964 // 
            
            
            
            JVNDB: JVNDB-2018-008218 // 
            
            
            
            CNNVD: CNNVD-201807-1262 // 
            
            
            
            NVD: CVE-2018-13862

REFERENCES
url:https://vulncode.com/advisory/cve-2018-13862
Trust: 2.5
url:http://update.trivum.com/update/tp9-changes.html
Trust: 1.7
url:https://www.exploit-db.com/exploits/45063/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13862
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13862
Trust: 0.8
sources:
            
            
            VULHUB: VHN-123964 // 
            
            
            
            JVNDB: JVNDB-2018-008218 // 
            
            
            
            CNNVD: CNNVD-201807-1262 // 
            
            
            
            NVD: CVE-2018-13862

SOURCES
db:VULHUBid:VHN-123964
db:JVNDBid:JVNDB-2018-008218
db:CNNVDid:CNNVD-201807-1262
db:NVDid:CVE-2018-13862

LAST UPDATE DATE
2024-11-23T22:41:47.679000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123964date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008218date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1262date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13862date:2024-11-21T03:48:12.390

SOURCES RELEASE DATE
db:VULHUBid:VHN-123964date:2018-07-17T00:00:00
db:JVNDBid:JVNDB-2018-008218date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1262date:2018-07-17T00:00:00
db:NVDid:CVE-2018-13862date:2018-07-17T14:29:00.453