| Max CVSS | 6.1 | Min CVSS | 2.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-5220 | 6.1 |
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
|
30-12-2013 - 19:29 | 30-12-2013 - 04:53 | |
| CVE-2013-5218 | 2.9 |
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP tabl
|
30-12-2013 - 19:27 | 30-12-2013 - 04:53 | |
| CVE-2013-5219 | 3.3 |
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd.
|
30-12-2013 - 19:26 | 30-12-2013 - 04:53 | |
| CVE-2013-5039 | 5.4 |
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deact
|
30-12-2013 - 19:25 | 30-12-2013 - 04:53 | |
| CVE-2013-5038 | 5.8 |
The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
|
30-12-2013 - 19:14 | 30-12-2013 - 04:53 | |
| CVE-2013-5037 | 3.3 |
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.
|
30-12-2013 - 19:12 | 30-12-2013 - 04:53 |