CVE-2013-5038

HOT HOTBOX Router Firmware 2.1.11 - Authentication Bypass via Source IP Reuse

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5038.

AI-analyzed exploit summary: The exploit demonstrates two vulnerabilities in HOTBOX routers: a CSRF attack to change Wi-Fi settings and a DoS via crafted POST requests. The CSRF exploit uses an auto-submitting HTML form, while the DoS exploit sends malformed login data to crash the device.

Description

The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.

Exploits (1)

exploitdb WORKING POC
webapps, hardware
https://www.exploit-db.com/exploits/29518

Classification: Working PoC 95%
Attack Type: DoS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: HOTBOX Router/Modem (F@st 3184) <= 2.1.11
No auth needed
Prerequisites: Network access to the router's web interface
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.0328
EPSS Percentile 86.9%

Details

CWE: CWE-287
Status: published
Products (2)
hot/hotbox_router
hot/hotbox_router_firmware 2.1.11
Published Dec 30, 2013
Tracked Since Feb 18, 2026