CVE-2013-5039

Published: Dec 30, 2013Modified: Apr 29, 2026

5.4

Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 5.5 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.

Affected (2)

Products: Hot: Hotbox Router Firmware, Hotbox Router

2 products

Hotbox Router Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hot Hotbox Router Firmware	Version 2.1.11
Hot Hotbox Router	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html

Source: cve@mitre.org

Exploit

http://www.youtube.com/watch?v=CPlT09ZIj48

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.youtube.com/watch?v=CPlT09ZIj48

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.