Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Verizon | Fios Actiontec Mi424Wr-Gen31 Router Firmware | 40.19.36 |
| Verizon | Fios Actiontec Mi424Wr-Gen31 Router | - |
Related Weaknesses (CWE)
References
- http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.htm (Exploit)
- http://www.exploit-db.com/exploits/24860/ (Exploit)
- http://www.kb.cert.org/vuls/id/278204 (US Government Resource)
FAQ
What is CVE-2013-0126?
CVE-2013-0126 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of...
How severe is CVE-2013-0126?
CVE-2013-0126 has been rated MEDIUM, with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0126?
Check the references section above for vendor advisories and patch information. Affected products include: Verizon Fios Actiontec Mi424Wr-Gen31 Router Firmware, Verizon Fios Actiontec Mi424Wr-Gen31 Router.