CVE-2018-13317

EPSS 0.17% · P38 Updated Feb 21, 2026

Public Exploits 1

Nuclei · 1 CVE-2018-13317.yaml [template]

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-13317

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

TotoLink A3002RU 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TotoLink A3002RU是吉翁电子（TotoLink）公司的一款无线路由器产品。 TotoLink A3002RU 1.0.8版本中的password.htm页面存在安全漏洞。攻击者可通过发送GET请求利用该漏洞获管理员的明文密码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-13317

#	POC Description	Source Link	Shenlong Link
1	TOTOLINK A3002RU firmware version 1.0.8 contains a vulnerability in which an unauthenticated attacker can obtain the plaintext admin password by making a GET request for `password.htm`. This allows remote attackers to gain administrative access without credentials.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-13317.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-13317

请登录查看更多情报信息。

Same Patch Batch · n/a · 2018-11-26 · 49 CVEs total

CVE-2018-19560		BageCMS 跨站请求伪造漏洞
CVE-2018-19537		TP-Link Archer C5 安全漏洞
CVE-2018-19540		JasPer 缓冲区错误漏洞
CVE-2018-19528		TP-Link TL-WR886N 安全漏洞
CVE-2018-19530		HTTL 安全漏洞
CVE-2018-19531		HTTL 安全漏洞
CVE-2018-19532		PoDoFo 安全漏洞
CVE-2018-19535		Exiv2 安全漏洞
CVE-2018-19543		JasPer 缓冲区错误漏洞
CVE-2018-19561		sikcms 跨站请求伪造漏洞
CVE-2018-19562		PHPOK 安全漏洞
CVE-2018-19559		CuppaCMS SQL注入漏洞
CVE-2018-19558		arcms SQL注入漏洞
CVE-2018-19557		arcms 安全漏洞
CVE-2018-19556		Z-BlogPHP 输入验证错误漏洞
CVE-2018-19555		tp4a TELEPORT 跨站请求伪造漏洞
CVE-2018-19554		dotCMS 跨站脚本漏洞
CVE-2018-19553		BigCommerec Interspire Email Marketer SQL注入漏洞
CVE-2018-19552		BigCommerec Interspire Email Marketer SQL注入漏洞
CVE-2018-19551		BigCommerec Interspire Email Marketer SQL注入漏洞

Showing top 20 of 49 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-13317

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-13317

Public Exploits 1

I. Basic Information for CVE-2018-13317

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-13317

III. Intelligence Information for CVE-2018-13317

Same Patch Batch · n/a · 2018-11-26 · 49 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-13317

Leave a comment