CVE-2013-5039

HOT HOTBOX Router Firmware 2.1.11 - Cross-Site Request Forgery via WifiSecurity Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5039.

AI-analyzed exploit summary The provided code includes a CSRF exploit (HTML form auto-submission) and a DoS exploit (Perl script sending malformed POST requests) targeting the HOTBOX router/modem (SAGEMCOM F@st 3184). Both exploits are functional and demonstrate the vulnerabilities described in CVE-2013-5039 and related CVEs.

Description

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.

Exploits (1)

exploitdb WORKING POC
webappshardware
https://www.exploit-db.com/exploits/29518

The provided code includes a CSRF exploit (HTML form auto-submission) and a DoS exploit (Perl script sending malformed POST requests) targeting the HOTBOX router/modem (SAGEMCOM F@st 3184). Both exploits are functional and demonstrate the vulnerabilities described in CVE-2013-5039 and related CVEs.

Classification
Working Poc 95%
Attack Type
Dos, Csrf
Complexity
Trivial
Reliability
Reliable
Target: HOTBOX Router/Modem (SAGEMCOM F@st 3184) <= 2.1.11
No auth needed
Prerequisites: Network access to the target router · Victim interaction for CSRF (e.g., visiting a malicious page)
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0213
EPSS Percentile 79.6%

Details

CWE
CWE-352
Status published
Products (2)
hot/hotbox_router
hot/hotbox_router_firmware 2.1.11
Published Dec 30, 2013
Tracked Since Feb 18, 2026