CVE-2013-4861

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.

Ссылки

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit
http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:micasaverde:veralite_firmware:1.5.408:*:*:*:*:*:*:*

cpe:2.3:h:micasaverde:veralite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14561

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7h9p-w3hh-v4vp

github

почти 4 года назад