Vulnerabilities > Micasaverde > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2013-4863 | Improper Authentication vulnerability in Micasaverde Veralite Firmware 1.5.408 The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | 8.8 |
| 2020-01-28 | CVE-2013-4862 | Incorrect Authorization vulnerability in Micasaverde Veralite Firmware 1.5.408 MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | 8.1 |