CVE-2018-25040

A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:utorrent:web:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:03

Type Values Removed Values Added
CVSS v2 : 6.8
v3 : 8.8
v2 : 6.8
v3 : 6.3
References () https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Issue Tracking, Mailing List, Third Party Advisory () https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Issue Tracking, Mailing List, Third Party Advisory
References () https://vuldb.com/?id.113803 - Exploit, Third Party Advisory () https://vuldb.com/?id.113803 - Exploit, Third Party Advisory
References () https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable () https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable

27 Jun 2022, 19:43

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CPE cpe:2.3:a:utorrent:web:-:*:*:*:*:*:*:*
References (MISC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - (MISC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1524 - Issue Tracking, Mailing List, Third Party Advisory
References (MISC) https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - (MISC) https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/ - Not Applicable
References (MISC) https://vuldb.com/?id.113803 - (MISC) https://vuldb.com/?id.113803 - Exploit, Third Party Advisory

17 Jun 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-17 13:15

Updated : 2024-11-21 04:03


NVD link : CVE-2018-25040

Mitre link : CVE-2018-25040

CVE.ORG link : CVE-2018-25040


JSON object : View

Products Affected

utorrent

  • web
CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo