Vulnerabilities (CVE)

Filtered by vendor Micasaverde Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4865 1 Micasaverde 2 Veralite, Veralite Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
CVE-2013-4864 1 Micasaverde 2 Veralite, Veralite Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
CVE-2013-4863 1 Micasaverde 2 Veralite, Veralite Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
CVE-2013-4862 1 Micasaverde 2 Veralite, Veralite Firmware 2024-11-21 5.5 MEDIUM 8.1 HIGH
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
CVE-2013-4861 1 Micasaverde 2 Veralite, Veralite Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.