Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows malicious users to change the admin user's password via an unauthenticated POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
totolink a3002ru_firmware 1.0.8 |