CVE-2013-4867

MEDIUM

Electronic Arts Karotz Smart Rabbit <12.07.19.00 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4867. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary: The advisory describes two vulnerabilities in Karotz Smart Rabbit: Python module hijacking (CVE-2013-4867) and API session token exposure (CVE-2013-4868). The Python module hijacking allows arbitrary code execution via a malicious 'simplejson.py' file on a USB drive, while the API token issue enables unauthorized control of the device.

Description

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · text · local · hardware
https://www.exploit-db.com/exploits/27285


Classification: Writeup 100%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Karotz Smart Rabbit 12.07.19.00
No auth needed
Prerequisites: Physical access to insert a USB drive · Network access to intercept API tokens
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27285

Scores

CVSS v3 6.3
EPSS 0.0156
EPSS Percentile 71.9%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-269
Status: published
Products (1)
ea/karotz_smart_rabbit_firmware 12.07.19.00
Published Dec 27, 2019
Tracked Since Feb 18, 2026