Veralite Firmware@1.5.408 Security Vulnerabilities and Issues — Veralite Firmware@1.5.408 CVE List

Lucene search

MicasaverdeVeralite Firmware1.5.408

5 matches found

CVE•added 2020/01/28 5:15 p.m.•57 views

CVE-2013-4863

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a reque...

9CVSS8.5AI score0.29409EPSS

CVE•added 2020/01/28 5:15 p.m.•48 views

CVE-2013-4865

Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.

6.5CVSS7.8AI score0.00157EPSS

CVE•added 2020/01/28 5:15 p.m.•41 views

CVE-2013-4864

MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.

9.8CVSS9.1AI score0.30461EPSS

CVE•added 2020/01/28 5:15 p.m.•40 views

CVE-2013-4862

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.

8.1CVSS8AI score0.07944EPSS

CVE•added 2020/01/28 5:15 p.m.•39 views

CVE-2013-4861

Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.

6.5CVSS6.8AI score0.14561EPSS