Description
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Trustwave's SpiderLabs · text · webapps · hardware
https://www.exploit-db.com/exploits/27286
References (3)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html
Exploit x_refsource_misc
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27286
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
micasaverde/veralite_firmware
1.5.408
Published
Jan 28, 2020
Tracked Since
Feb 18, 2026