Vulnerabilities > CVE-2013-4864 - Server-Side Request Forgery (SSRF) vulnerability in Micasaverde Veralite Firmware 1.5.408

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
micasaverde
CWE-918
critical
exploit available
NVD
Published: 2020-01-28
Updated: 2020-02-04

Summary

MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.

Vulnerable Configurations

Part Description Count
OS
Micasaverde
1
Hardware
Micasaverde
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities. CVE-2013-4861,CVE-2013-4862,CVE-2013-4863,CVE-2013-4864,CVE-2013-4865. Webapps exploit for hardware ...
idEDB-ID:27286
last seen2016-02-03
modified2013-08-02
published2013-08-02
reporterTrustwave's SpiderLabs
sourcehttps://www.exploit-db.com/download/27286/
titleMiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/122654/TWSL2013-019.txt
idPACKETSTORM:122654
last seen2016-12-05
published2013-08-02
reporterDan Crowley
sourcehttps://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
titleMiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:80900
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-80900
titleMiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities

References