CVE-2013-4861

Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:micasaverde:veralite_firmware:1.5.408:*:*:*:*:*:*:*
cpe:2.3:h:micasaverde:veralite:-:*:*:*:*:*:*:*

Information

Published : 2020-01-28 09:15

Updated : 2020-02-04 08:36


NVD link : CVE-2013-4861

Mitre link : CVE-2013-4861


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

micasaverde

  • veralite
  • veralite_firmware