CVE-2013-0126

Verizon Fios Actiontec Mi424wr-gen31 Router Firmware - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Exploits (1)

exploitdb WORKING POC

by Jacob Holcomb · textwebappshardware

https://www.exploit-db.com/exploits/24860

View Code ZIP pw:eip

References (3)

Core 3

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/278204

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/24860/

Exploit x_refsource_misc

http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html

Scores

EPSS 0.0094

EPSS Percentile 76.3%

Details

CWE

CWE-352

Status published

Products (2)

verizon/fios_actiontec_mi424wr-gen31_router

verizon/fios_actiontec_mi424wr-gen31_router_firmware 40.19.36

Published Mar 21, 2013

Tracked Since Feb 18, 2026