CVE-2013-5218

HOT HOTBOX <2.1.11 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.

Exploits (1)

exploitdb WORKING POC

webappshardware

https://www.exploit-db.com/exploits/29518

View on exploitdb

References (2)

[Exploit] http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html

[Exploit] http://www.youtube.com/watch?v=CPlT09ZIj48

Scores

EPSS 0.0082

EPSS Percentile 74.2%

Details

CWE

CWE-79

Status published

Products (3)

hot/hotbox_router_firmware

hot/hotbox_router

n/a/n/a

Published Dec 30, 2013

Tracked Since Feb 18, 2026