CVE-2013-0126

MEDIUM Year: 2013
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Related Vulnerabilities

CVE-2017-5145

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulne...

CWE-3522017

CVE-2019-3809

CRITICAL
CVSS:10.0(Critical)

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Bad...

CWE-3522019

CVE-2025-23922

CRITICAL
CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.

CWE-3522025

CVE-2025-32642

CRITICAL
CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.

CWE-3522025

CVE-2018-1712

CRITICAL
CVSS:9.9(Critical)

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentia...

CWE-3522018

CVE-2016-9866

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4...

CWE-3522016