Hotbox Router Firmware Security Vulnerabilities and Issues — Hotbox Router Firmware CVE List

Lucene search

HotHotbox Router Firmware

6 matches found

CVE•added 2013/12/30 4:53 a.m.•40 views

CVE-2013-5037

The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.

3.3CVSS6.6AI score0.01693EPSS

CVE•added 2013/12/30 4:53 a.m.•40 views

CVE-2013-5218

Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.

2.9CVSS5.5AI score0.0132EPSS

CVE•added 2013/12/30 4:53 a.m.•40 views

CVE-2013-5219

Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.

3.3CVSS6.7AI score0.03883EPSS

CVE•added 2013/12/30 4:53 a.m.•38 views

CVE-2013-5220

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.

6.1CVSS6.6AI score0.013EPSS

CVE•added 2013/12/30 4:53 a.m.•32 views

CVE-2013-5038

The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.

5.8CVSS6.8AI score0.00496EPSS

CVE•added 2013/12/30 4:53 a.m.•31 views

CVE-2013-5039

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.

5.4CVSS7.1AI score0.0026EPSS