CVE-2013-4868

MEDIUM

Karotz API <12.07.19.00 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4868. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary The advisory describes two vulnerabilities in Karotz Smart Rabbit: Python module hijacking (CVE-2013-4867) and API session token exposure (CVE-2013-4868). The Python module hijacking allows arbitrary code execution via a malicious 'simplejson.py' file on a USB drive, while the API token issue enables unauthorized control of the device.

Description

Karotz API 12.07.19.00: Session Token Information Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED
by Trustwave's SpiderLabs · textlocalhardware
https://www.exploit-db.com/exploits/27285

The advisory describes two vulnerabilities in Karotz Smart Rabbit: Python module hijacking (CVE-2013-4867) and API session token exposure (CVE-2013-4868). The Python module hijacking allows arbitrary code execution via a malicious 'simplejson.py' file on a USB drive, while the API token issue enables unauthorized control of the device.

Classification
Writeup 100%
Attack Type
Rce | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Karotz Smart Rabbit 12.07.19.00
No auth needed
Prerequisites: Physical access to insert a USB drive · Network access to intercept API tokens
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/27285
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/61584
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/86221

Scores

CVSS v3 5.3
EPSS 0.0496
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
karotz/api 12.07.19.00
Published Dec 27, 2019
Tracked Since Feb 18, 2026