Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hot | Hotbox Router Firmware | 2.1.11 |
| Hot | Hotbox Router | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Exploit
- http://www.youtube.com/watch?v=CPlT09ZIj48Exploit
- http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Exploit
- http://www.youtube.com/watch?v=CPlT09ZIj48Exploit
FAQ
What is CVE-2013-5039?
CVE-2013-5039 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for req...
How severe is CVE-2013-5039?
CVE-2013-5039 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5039?
Check the references section above for vendor advisories and patch information. Affected products include: Hot Hotbox Router Firmware, Hot Hotbox Router.