CVE

CVE-2013-0126

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

View access options View sample report Ask about this record

What this profile means

This public preview summarizes the normalized record without exposing paid citation paths. Use it to decide whether the device deserves a paid report, workspace review, or direct source verification.

Record typedevice

CategoryCVE

StatusNVD CVE record

Confidence90

CVECVE-2013-0126

Source coverage preview

Public pages show source names and record counts. Paid reports unlock source URLs, citation paths, and report-generation context.

Source rows checked2

Max source confidence90

Latest source observationMay 18, 2026

CitationsLocked in paid report

NIST NVD CVE API

Paid report value

Device/security signal snapshot
Known exploited and exploitability interpretation where available
Remediation and inventory-mapping checklist
Locked source citations and monitoring path

For records that need deeper review, use the main access flow to request source-backed report context, saved workspace review, or support before relying on the public preview.

View access options View sample report Contact support

Methodology and limits

Source-backed, but still worth verifying for high-impact use.

Security records are triage intelligence and should be validated against asset inventory, firmware versions, compensating controls, and vendor advisories.

For security teams

Prioritize known exploited and high-confidence records.

For buyers

Check support and vulnerability signals before purchase.

For MSPs

Use reports and monitors for customer device review.

Questions to ask before relying on this record

What official source published this signal, and when was it last observed?
Does the record still match the current operating, legal, safety, or source context?
Are there related records under another name, jurisdiction, model, address, sponsor, or identifier?
Does this decision need human QA before money, safety, care, legal, or operational action?

Paid reports include citation paths and report-generation context; public previews intentionally hide source URLs.