Password Disclosure in TOTOLINK A3002RU by TOTOLINK
CVE-2018-13317
6.1MEDIUM
What is CVE-2018-13317?
The TOTOLINK A3002RU version 1.0.8 contains a vulnerability that allows unauthorized access to the admin user's plaintext password. By executing a simple GET request to the 'password.htm' endpoint, an attacker can retrieve sensitive user credentials, compromising the device's security. Ensuring that this security flaw is addressed promptly is paramount for protecting network integrity.