CVE-2013-4861

MEDIUM

MiCasaVerde VeraLite <1.5.408 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4861. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in MiCasaVerde VeraLite, including path traversal, insufficient authorization checks, and CSRF. It provides proof-of-concept code for arbitrary file disclosure, privilege escalation via firmware updates, and remote code execution through Lua code injection.

Description

Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Trustwave's SpiderLabs · textwebappshardware
https://www.exploit-db.com/exploits/27286

The exploit demonstrates multiple vulnerabilities in MiCasaVerde VeraLite, including path traversal, insufficient authorization checks, and CSRF. It provides proof-of-concept code for arbitrary file disclosure, privilege escalation via firmware updates, and remote code execution through Lua code injection.

Classification
Working Poc 100%
Attack Type
Rce | Auth Bypass | Info Leak | Ssrf | Csrf
Complexity
Trivial
Reliability
Reliable
Target: MiCasaVerde VeraLite 1.5.408
No auth needed
Prerequisites: Network access to the VeraLite device · Guest or admin credentials for some exploits
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27286

Scores

CVSS v3 6.5
EPSS 0.0663
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
micasaverde/veralite_firmware 1.5.408
Published Jan 28, 2020
Tracked Since Feb 18, 2026