Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2013-4863

Published: 28/01/2020 Updated: 04/02/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 910
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Micasaverde

Vulnerability Summary

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote malicious users to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

micasaverde veralite_firmware 1.5.408

Exploits

Exploit DB: MiCasaVerde VeraLite - Remote Code Execution
# Exploit Title: MiCasa VeraLite Remote Code Execution # Date: 10-20-2016 # Software Link: getveracom/controllers/veralite/ # Exploit Author: Jacob Baines # Contact: twittercom/Junior_Baines # CVE: CVE-2013-4863 & CVE-2016-6255 # Platform: Hardware 1 Description A remote attacker can execute code on the MiCasa VeraLite if so ...
Exploit DB: MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 10 Vendor: MiCasaVerde (wwwmicasaverdecom/) Product: VeraLite Version affected: 15408 Product description: The MiCasaVerde VeraLite is the budget model from MiCasaVerde, a product which centralizes contr ...
Exploit DB: MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure
MiCasaVerde VeraLite version 15408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities ...
Exploit DB: MiCasa VeraLite Remote Code Execution
MiCasa VeraLite suffers from a remote code execution vulnerability ...

Github Repositories

https://github.com/jacob-baines/veralite_upnp_exploit_poc

A proof of concept exploit against the Veralite

runluahtml Overview runluahtml, when loaded in a browser, will attempt to get a reverse shell on a VeraLite device on the client's network This is achieved using a combination of CVE-2013-4863, CVE-2016-6255, and WebRTC IP leak The full attack follows these steps: Acquire the client's internal IP address using webrtc We then assume the client is operating on a /

References

CWE-287http://www.exploit-db.com/exploits/27286http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.htmlhttps://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txthttps://nvd.nist.govhttps://github.com/jacob-baines/veralite_upnp_exploit_pochttps://www.exploit-db.com/exploits/40589/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook