CVE-2013-4862

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.

Ссылки

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit
http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:micasaverde:veralite_firmware:1.5.408:*:*:*:*:*:*:*

cpe:2.3:h:micasaverde:veralite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07944

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-246w-4q6g-jh9h

github

больше 3 лет назад