CVE-2013-4864

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.

Ссылки

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit
http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:micasaverde:veralite_firmware:1.5.408:*:*:*:*:*:*:*

cpe:2.3:h:micasaverde:veralite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.30461

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-mr79-5w95-267x

github

почти 4 года назад