CVE-2018-13989

Published: 11/07/2018 Updated: 06/09/2018
CVSS v2 Base Score: 8.3 | Impact Score: 8.5 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 835
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Vulnerability Summary

Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.

Vulnerable Product

arcelikas grundig_smart_inter\\@ctive_firmware 3.0

Exploits

# Exploit Title: Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
# Date: 2018-07-§3
# Exploit Author: Ahmethan-Gultekin - t4rkd3vilz
# Vendor Homepage: www.grundig.com/
# Software Link: play.google.com/store/apps/details?id=arcelik
# Version: Before > Smart Inter@ctive 3.0
# Tested on: Kali Linux
# CVE : CVE-2018-1398 ...