VDB
CVE-2013-0126
CVE-2013-0126
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
EPSS 0.94% · 76.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.94%
76.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| verizon | fios_actiontec_mi424wr-gen31_router | |
| n/a | n/a | n/a |
| verizon | fios_actiontec_mi424wr-gen31_router_firmware | 40.19.36 |
Timeline
- Mar 18, 2013 CVE Published
- Mar 19, 2013 PoC Published
- Mar 20, 2013 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 4, 2023 EPSS Score
References
- VU#278204 third-party-advisory
- 24860 exploit
- http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html url
- https://nvd.nist.gov/vuln/detail/CVE-2013-0126 advisory
- http://www.exploit-db.com/exploits/24860 url