CVE-2017-9385

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:getvera:veraedge_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getvera:veraedge:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:getvera:veralite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:getvera:veralite:-:*:*:*:*:*:*:*

Information

Published : 2019-06-17 13:15

Updated : 2019-06-20 09:44


NVD link : CVE-2017-9385

Mitre link : CVE-2017-9385


JSON object : View

CWE
CWE-255

Credentials Management Errors

Advertisement

dedicated server usa

Products Affected

getvera

  • veralite_firmware
  • veraedge
  • veraedge_firmware
  • veralite