CVE-2013-4863
First published: Tue Jan 28 2020(Updated: )
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VeraLite Firmware | =1.5.408 | |
| Micasaverde VeraLite Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2013-4863.
What is the severity of CVE-2013-4863?
CVE-2013-4863 has a severity rating of 8.8, which is considered critical.
How does CVE-2013-4863 allow remote attackers to execute arbitrary Lua code?
CVE-2013-4863 allows remote attackers to execute arbitrary Lua code through a RunLua action in a request to upnp/control/hag on port 49451.
How can remote authenticated users exploit CVE-2013-4863?
Remote authenticated users can exploit CVE-2013-4863 by executing arbitrary Lua code through a RunLua action in a request.
Is MiCasaVerde VeraLite vulnerable to CVE-2013-4863?
No, MiCasaVerde VeraLite is not vulnerable to CVE-2013-4863.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/micasaverde
- canonical/veralite firmware
- version/veralite firmware/1.5.408
- canonical/micasaverde veralite firmware