CVE-2013-4863

HIGH EXPLOITED

MiCasaVerde VeraLite <1.5.408 - RCE

Title source: llm

Description

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Trustwave's SpiderLabs · textwebappshardware

https://www.exploit-db.com/exploits/27286

View Code ZIP pw:eip

exploitdb WORKING POC

by Jacob Baines · htmlremotehardware

https://www.exploit-db.com/exploits/40589

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/jacob-baines/veralite_upnp_exploit_poc

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/27286

[Exploit] https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt

Scores

CVSS v3 8.8

EPSS 0.2941

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-12-01

CWE

CWE-287

Status published

Products (1)

micasaverde/veralite_firmware 1.5.408

Published Jan 28, 2020

Tracked Since Feb 18, 2026