CVE-2013-4864

Published: Jan 28, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.

Affected (1)

Products: Micasaverde: Veralite Firmware

Micasaverde

1 product

Veralite Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Micasaverde Veralite Firmware	Version 1.5.408

Running on/with	Platform Versions
Micasaverde Veralite	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/27286

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.exploit-db.com/exploits/27286

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.