CVE-2013-0126
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
21/03/2013
Last modified:
11/04/2025
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:verizon:fios_actiontec_mi424wr-gen31_router_firmware:40.19.36:*:*:*:*:*:*:* | ||
| cpe:2.3:h:verizon:fios_actiontec_mi424wr-gen31_router:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
- http://www.exploit-db.com/exploits/24860/
- http://www.kb.cert.org/vuls/id/278204
- http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
- http://www.exploit-db.com/exploits/24860/
- http://www.kb.cert.org/vuls/id/278204