CVE-2013-0126

Verizon FIOS Actiontec MI424WR-GEN3I Router Firmware 40.19.36 - Cross-Site Request Forgery via index.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0126. PoCs published by Jacob Holcomb.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Verizon FIOS routers, allowing an attacker to add an administrator user and enable remote administration without user interaction. The exploit consists of three HTML files that chain CSRF requests to achieve the attack.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Exploits (1)

exploitdb WORKING POC

by Jacob Holcomb · textwebappshardware

https://www.exploit-db.com/exploits/24860

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Verizon FIOS routers, allowing an attacker to add an administrator user and enable remote administration without user interaction. The exploit consists of three HTML files that chain CSRF requests to achieve the attack.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Verizon FIOS Router - Firmware 40.19.36

No auth needed

Prerequisites: Victim must visit a malicious webpage while logged into the router's admin interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/278204

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/24860/

Exploit x_refsource_misc

http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html

Scores

EPSS 0.0294

EPSS Percentile 85.3%

Details

CWE

CWE-352

Status published

Products (2)

verizon/fios_actiontec_mi424wr-gen31_router

verizon/fios_actiontec_mi424wr-gen31_router_firmware 40.19.36

Published Mar 21, 2013

Tracked Since Feb 18, 2026