ID

VAR-202002-0879


CVE

CVE-2018-13313


TITLE

TOTOLINK A3002RU Vulnerability in insecure storage of critical information in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016229

DESCRIPTION

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. TOTOLINK A3002RU contains a vulnerability involving the insecure storage of important information. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2018-13313 // JVNDB: JVNDB-2018-016229

AFFECTED PRODUCTS

vendor: totolink, model: a3002ru, scope: eq, version: 1.0.8

Trust: 1.8

sources: JVNDB: JVNDB-2018-016229 // NVD: CVE-2018-13313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13313
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016229
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-937
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-13313
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016229
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2018-13313
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2018-016229
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-016229 // CNNVD: CNNVD-201909-937 // NVD: CVE-2018-13313

PROBLEMTYPE DATA

problemtype:CWE-922

Trust: 1.8

sources: JVNDB: JVNDB-2018-016229 // NVD: CVE-2018-13313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-937

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-937

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016229

PATCH

title: Top Page, url: https://www.totolink.net/

Trust: 0.8

sources: JVNDB: JVNDB-2018-016229

EXTERNAL IDS

db: NVD, id: CVE-2018-13313

Trust: 2.4

db: JVNDB, id: JVNDB-2018-016229

Trust: 0.8

db: CNNVD, id: CNNVD-201909-937

Trust: 0.6

sources: JVNDB: JVNDB-2018-016229 // CNNVD: CNNVD-201909-937 // NVD: CVE-2018-13313

REFERENCES

url:https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154

Trust: 2.4

url:https://www.ise.io/casestudies/sohopelessly-broken-2-0/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-13313

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13313

Trust: 0.8

url:https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/

Trust: 0.6

sources: JVNDB: JVNDB-2018-016229 // CNNVD: CNNVD-201909-937 // NVD: CVE-2018-13313

CREDITS

Rick Ramgattie, Shaun Mirani, Joshua Meyer, and Ian Sindermann

Trust: 0.6

sources: CNNVD: CNNVD-201909-937

SOURCES

db: JVNDB, id: JVNDB-2018-016229
db: CNNVD, id: CNNVD-201909-937
db: NVD, id: CVE-2018-13313

LAST UPDATE DATE

2024-11-23T22:29:46.461000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2018-016229, date: 2020-03-16T00:00:00
db: CNNVD, id: CNNVD-201909-937, date: 2022-03-24T00:00:00
db: NVD, id: CVE-2018-13313, date: 2024-11-21T03:46:51.290

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2018-016229, date: 2020-03-16T00:00:00
db: CNNVD, id: CNNVD-201909-937, date: 2019-09-16T00:00:00
db: NVD, id: CVE-2018-13313, date: 2020-02-24T19:15:11.933