CVE-2013-4862 - Incorrect Authorization vulnerability in Micasaverde Veralite Firmware 1.5.408

CVSS 5.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, micasaverde, CWE-863, exploit available

Summary

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.

Vulnerable Configurations

Part      Description  Count
OS        Micasaverde  1
Hardware  Micasaverde  1

Common Weakness Enumeration (CWE)

Exploit-Db

description: MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities. CVE-2013-4861,CVE-2013-4862,CVE-2013-4863,CVE-2013-4864,CVE-2013-4865. Webapps exploit for hardware ...
id: EDB-ID:27286
last seen: 2016-02-03
modified: 2013-08-02
published: 2013-08-02
reporter: Trustwave's SpiderLabs
source: https://www.exploit-db.com/download/27286/
title: MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities

Packetstorm

data source: https://packetstormsecurity.com/files/download/122654/TWSL2013-019.txt
id: PACKETSTORM:122654
last seen: 2016-12-05
published: 2013-08-02
reporter: Dan Crowley
source: https://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
title: MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:80900
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-80900
title: MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities