CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows 1 remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or 2 remote authenticated users to execute arbitrary Lua code via a RunLua action in a...

9CVSS7.5AI score0.12184EPSS

Exploits10References1

NVD•added 2020/01/28 5:15 p.m.•29 views

CVE-2013-4861

Directory traversal vulnerability in cgi-bin/cmh/getfile.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. dot dot in the filename parameter...

6.5CVSS6AI score0.06633EPSS

Exploits6References3

NVD•added 2020/01/28 5:15 p.m.•26 views

CVE-2013-4863

9CVSS8.6AI score0.12184EPSS

Exploits10References3

NVD•added 2020/01/28 5:15 p.m.•22 views

CVE-2013-4864

MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery SSRF issue...

9.8CVSS9.4AI score0.06306EPSS

Exploits6References3

NVD•added 2020/01/28 5:15 p.m.•25 views

CVE-2013-4862

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to 1 update the firmware via the squashfs parameter to upgradestep2.sh or 2 obtain hashed passwords via the cgi-bin/cmh/backup.sh page...

8.1CVSS7.8AI score0.03724EPSS

Exploits6References3

NVD•added 2020/01/28 5:15 p.m.•30 views

CVE-2013-4865

Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...

6.5CVSS6.8AI score0.01731EPSS

Exploits6References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by