CVE-2018-13315

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 05, 2018
Published Date: November 26, 2018
Last Updated: August 05, 2024
Vendor: TOTOLINK
Product: A3002RU
Description: Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
Tags

CVSS Scores

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score

Score: 0.97% (Percentile: 75.44%) as of 2025-05-24

Exploit Status

Exploited in the Wild: Yes (2025-04-26 00:00:00 UTC) Source

References

https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

July 05, 2018
CVE Published to Public

November 26, 2018
Added to KEVIntel

April 26, 2025