Arbitrary Firmware Installation via CSRF Vulnerability in MiCasaVerde VeraLite

Arbitrary Firmware Installation via CSRF Vulnerability in MiCasaVerde VeraLite

CVE-2013-4865 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.

Learn more about our User Device Pen Test.