Cross-Site Request Forgery Vulnerabilities in Actiontec MI424WR-GEN3I Router by Verizon
CVE-2013-0126

Currently unrated

Key Information:

Vendor: Verizon
Status: Fios Actiontec Mi424wr-gen31 Router Firmware; Fios Actiontec Mi424wr-gen31 Router
Vendor: CVE Published:; 21 March 2013

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2013-0126?

The Actiontec MI424WR-GEN3I router by Verizon is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities in its index.cgi file. Attackers can exploit these vulnerabilities to hijack the authentication of administrators, facilitating unauthorized actions such as adding administrative accounts and activating remote management features. By manipulating requests through crafted URLs, an attacker can compromise the integrity of the router's administration interface, posing significant risks to network security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-0126 - Proof of Concept

References

http://www.kb.cert.org/vuls/id/278204

third-party-advisoryx_refsource_CERT-VN

http://www.exploit-db.com/exploits/24860/

exploitx_refsource_EXPLOIT-DB

http://infosec42.blogspot.com/2013/03/verizon-fios-router...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Mar 21, 2013
👾
Exploit known to exist
Mar 21, 2013
Vulnerability published
Mar 21, 2013

CVE-2013-0126 Data

JSON