CVE-2013-6852

HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6852. PoCs published by Hubert Gradek.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in the Hewlett-Packard 2620 Switch Series, allowing an attacker to change the admin password via a crafted POST request. The exploit requires the victim to be authenticated and tricked into submitting the request.

Description

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.

Exploits (1)

exploitdb WORKING POC
by Hubert Gradek · text · webapps · hardware
https://www.exploit-db.com/exploits/28562

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: HP 2620 Switch Series, firmware RA.15.05.0006, ROM RA.15.10
Auth required
Prerequisites: Victim must be authenticated to the switch · Victim must be tricked into submitting the malicious request
mistral-large-3 · analyzed Feb 16, 2026

References (1)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/28562/

Scores

EPSS 0.0151
EPSS Percentile 71.3%

Details

CWE CWE-352
Status published
Products (1)
hp/2620-24-poe+_switch
Published Nov 22, 2013
Tracked Since Feb 18, 2026