cve/2018/CVE-2018-13313.md

### [CVE-2018-13313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13313)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.

### POC

#### Reference
- https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154
- https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154
- https://www.ise.io/casestudies/sohopelessly-broken-2-0/
- https://www.ise.io/casestudies/sohopelessly-broken-2-0/

#### Github
- https://github.com/ARPSyndicate/cvemon
-												Update Sun May 26 14:27:04 CEST 2024

											
										
										
											2024-05-26 14:27:05 +02:00
+								### [CVE-2018-13313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13313)
 								![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 								![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 								![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 								### Description
 								In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.
 								### POC
 								#### Reference
 								- https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154
-												Update CVE sources 2024-06-09 00:33

											
										
										
											2024-06-09 00:33:16 +00:00
+								- https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154
-												Update Sun May 26 14:27:04 CEST 2024

											
										
										
											2024-05-26 14:27:05 +02:00
+								- https://www.ise.io/casestudies/sohopelessly-broken-2-0/
-												Update CVE sources 2024-06-09 00:33

											
										
										
											2024-06-09 00:33:16 +00:00
+								- https://www.ise.io/casestudies/sohopelessly-broken-2-0/
-												Update Sun May 26 14:27:04 CEST 2024

											
										
										
											2024-05-26 14:27:05 +02:00
 								#### Github
 								- https://github.com/ARPSyndicate/cvemon