CVE-2013-4865

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408

Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests, enabling the installation of arbitrary firmware via the squashfs parameter. This can be exploited by sending malicious requests to the affected system.

Recommendations: For MiCasaVerde VeraLite version 1.5.408, consider restricting access to the upgrade step2.sh script and the squashfs parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the squashfs parameter in requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.