cbcvebase.

Hot Hotbox Router Firmware vulnerabilities

6 known vulnerabilities affecting hot/hotbox_router_firmware.

Total CVEs
6
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
MEDIUM3LOW3

Vulnerabilities

Page 1 of 1
CVE-2013-5038P3MEDIUMCVSS 5.8PoCv2.1.112013-12-30
CVE-2013-5038 [MEDIUM] CWE-287 CVE-2013-5038: The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by confi The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
nvd
CVE-2013-5220P4MEDIUMCVSS 6.1PoCv2.1.112013-12-30
CVE-2013-5220 [MEDIUM] CWE-20 CVE-2013-5220: goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
nvd
CVE-2013-5219P4LOWCVSS 3.3PoCv2.1.112013-12-30
CVE-2013-5219 [LOW] CWE-22 CVE-2013-5219: Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attack Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.
nvd
CVE-2013-5039P4MEDIUMCVSS 5.4PoCv2.1.112013-12-30
CVE-2013-5039 [MEDIUM] CWE-352 CVE-2013-5039: Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.
nvd
CVE-2013-5218P4LOWCVSS 2.9PoCv2.1.112013-12-30
CVE-2013-5218 [LOW] CWE-79 CVE-2013-5218: Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.
nvd
CVE-2013-5037P4LOWCVSS 3.3PoCv2.1.112013-12-30
CVE-2013-5037 [LOW] CWE-255 CVE-2013-5037: The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.
nvd
Hot Hotbox Router Firmware vulnerabilities | cvebase