Micasaverde Veralite Firmware vulnerabilities
5 known vulnerabilities affecting micasaverde/veralite_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2013-4863 | P1 | HIGH | CVSS 8.8 | CWE-287 | Exploited | PoC | v1.5.408 | 2020-01-28
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
nvd
CVE-2013-4864 | P2 | CRITICAL | CVSS 9.8 | CWE-918 | PoC | v1.5.408 | 2020-01-28
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
nvd
CVE-2013-4862 | P3 | HIGH | CVSS 8.1 | CWE-863 | PoC | v1.5.408 | 2020-01-28
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
nvd
CVE-2013-4861 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | PoC | v1.5.408 | 2020-01-28
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
nvd
CVE-2013-4865 | P3 | MEDIUM | CVSS 6.5 | CWE-352 | PoC | v1.5.408 | 2020-01-28
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
nvd