Lucene search

[email protected]CVE-2013-5039

HistoryDec 30, 2013 - 4:53 a.m.

CVE-2013-5039

2013-12-3004:53:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2013-5039

csrf

vulnerability

hot hotbox router

goform

wlanbasicsecurity

wifi security

deactivated

nvd

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.

Affected configurations

NVD

Node

hothotbox_router_firmwareMatch2.1.11

AND

hothotbox_routerMatch-

CPENameOperatorVersion
hot:hotbox_router_firmwarehot hotbox router firmwareeq2.1.11
hot:hotbox_routerhot hotbox routereq-

CPE	Name	Operator	Version
hot:hotbox_router_firmware	hot hotbox router firmware	eq	2.1.11
hot:hotbox_router	hot hotbox router	eq	-

References

packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html

www.youtube.com/watch?v=CPlT09ZIj48

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2013-5039

nvd1 cvelist1 prion1 seebug1 packetstorm1 exploitpack1 zdt2 exploitdb1