Vulnerabilities > CVE-2013-4862 - Incorrect Authorization vulnerability in Micasaverde Veralite Firmware 1.5.408
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities. CVE-2013-4861,CVE-2013-4862,CVE-2013-4863,CVE-2013-4864,CVE-2013-4865. Webapps exploit for hardware ... |
| id | EDB-ID:27286 |
| last seen | 2016-02-03 |
| modified | 2013-08-02 |
| published | 2013-08-02 |
| reporter | Trustwave's SpiderLabs |
| source | https://www.exploit-db.com/download/27286/ |
| title | MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/122654/TWSL2013-019.txt |
| id | PACKETSTORM:122654 |
| last seen | 2016-12-05 |
| published | 2013-08-02 |
| reporter | Dan Crowley |
| source | https://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html |
| title | MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:80900 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-80900 |
| title | MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities |