CVE-2013-0126

Name: CVE-2013-0126
Creator: NVD / NIST
Published: 2013-03-21T20:55:01.91+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.94%

Last modified Jun 16, 2026

CVE-2013-0126 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.. EPSS estimates a 2.94% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Metrics

EPSS Probability

2.94%

85.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Verizon	Fios Actiontec Mi424wr-Gen31 Router Firmware	40.19.36
Verizon	Fios Actiontec Mi424wr-Gen31 Router	All versions

References

http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.htmlExploit
http://www.exploit-db.com/exploits/24860/Exploit
http://www.kb.cert.org/vuls/id/278204US Government Resource
http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.htmlExploit
http://www.exploit-db.com/exploits/24860/Exploit
http://www.kb.cert.org/vuls/id/278204US Government Resource

Timeline

Published: Mar 21, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-0126?

How severe is CVE-2013-0126?

Severity scoring for CVE-2013-0126 is pending analysis. The EPSS model estimates a 2.94% probability of exploitation in the next 30 days.

How do I fix CVE-2013-0126?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-0126?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST