CVE-2013-4865

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.

Ссылки

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit
http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/27286
Exploit
Third Party Advisory
VDB Entry
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:micasaverde:veralite_firmware:1.5.408:*:*:*:*:*:*:*

cpe:2.3:h:micasaverde:veralite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00157

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9mgj-phmh-c9xm

github

почти 4 года назад