CVE-2013-4863

HIGH EXPLOITED

MiCasaVerde VeraLite <1.5.408 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-4863 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Trustwave's SpiderLabs, Jacob Baines.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in MiCasaVerde VeraLite, including path traversal, insufficient authorization checks, and CSRF. It provides proof-of-concept code for arbitrary file disclosure, privilege escalation via firmware updates, and remote code execution through Lua code injection.

Description

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Trustwave's SpiderLabs · textwebappshardware
https://www.exploit-db.com/exploits/27286

The exploit demonstrates multiple vulnerabilities in MiCasaVerde VeraLite, including path traversal, insufficient authorization checks, and CSRF. It provides proof-of-concept code for arbitrary file disclosure, privilege escalation via firmware updates, and remote code execution through Lua code injection.

Classification
Working Poc 100%
Attack Type
Rce | Auth Bypass | Info Leak | Ssrf | Csrf
Complexity
Trivial
Reliability
Reliable
Target: MiCasaVerde VeraLite 1.5.408
No auth needed
Prerequisites: Network access to the VeraLite device · Guest or admin credentials for some exploits
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Jacob Baines · htmlremotehardware
https://www.exploit-db.com/exploits/40589

This HTML-based exploit leverages CVE-2013-4863 and CVE-2016-6255 to achieve remote code execution on MiCasa VeraLite devices by exploiting a vulnerable libupnp server and executing a reverse shell via Lua code injection.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MiCasa VeraLite (specific version not specified)
No auth needed
Prerequisites: Victim must visit a crafted webpage · VeraLite device must be on the same LAN as the victim · VeraLite must be running a vulnerable version of libupnp
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/jacob-baines/veralite_upnp_exploit_poc

This repository contains a functional exploit PoC for CVE-2013-4863, leveraging a combination of UPnP vulnerabilities (CVE-2013-4863 and CVE-2016-6255) and WebRTC IP leakage to achieve remote code execution on VeraLite devices. The exploit involves creating a malicious file via UPnP, bypassing same-origin policy, and executing a reverse shell.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VeraLite (UPnP libupnp)
No auth needed
Prerequisites: Client on the same /24 network as the VeraLite device · UPnP HTTP server running on port 49451 · Vulnerable libupnp version
devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27286

Scores

CVSS v3 8.8
EPSS 0.2842
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-12-01
CWE
CWE-287
Status published
Products (1)
micasaverde/veralite_firmware 1.5.408
Published Jan 28, 2020
Tracked Since Feb 18, 2026