CVE-2013-5220

HOT HOTBOX Router Firmware 2.1.11 - Denial of Service via Crafted HTTP POST Data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5220. PoCs published by Oz Elisyan.

AI-analyzed exploit summary The provided code includes a CSRF exploit (HTML form auto-submission) and a DoS exploit (Perl script sending malformed POST requests) targeting the HOTBOX router/modem (SAGEMCOM F@st 3184). Both exploits are functional and demonstrate the vulnerabilities described in CVE-2013-5038 and related CVEs.

Description

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.

Exploits (1)

exploitdb WORKING POC

by Oz Elisyan · textwebappshardware

https://www.exploit-db.com/exploits/29518

View Code ZIP pw:eip

The provided code includes a CSRF exploit (HTML form auto-submission) and a DoS exploit (Perl script sending malformed POST requests) targeting the HOTBOX router/modem (SAGEMCOM F@st 3184). Both exploits are functional and demonstrate the vulnerabilities described in CVE-2013-5038 and related CVEs.

Classification

Working Poc 95%

Attack Type

Dos, Csrf

Complexity

Trivial

Reliability

Reliable

Target: SAGEMCOM F@st 3184 (HOTBOX) firmware <= 2.1.11

No auth needed

Prerequisites: Network access to the target router · Victim interaction for CSRF (e.g., visiting a malicious page)

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://www.youtube.com/watch?v=CPlT09ZIj48

Exploit x_refsource_misc

http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html

Scores

EPSS 0.0474

EPSS Percentile 90.7%

Details

CWE

CWE-20

Status published

Products (2)

hot/hotbox_router

hot/hotbox_router_firmware 2.1.11

Published Dec 30, 2013

Tracked Since Feb 18, 2026