CVE-2017-9385
CVE-2017-9385 is a vulnerability of currently unknown severity affecting Vera Veralite 1.7.481 devices. Besides the standard web interface, the device exposes an OpenWRT interface that grants the highest privileges a user can obtain on the device. EPSS estimates a 3.54% chance of exploitation in the next 30 days.
Description
An issue was discovered on Vera Veralite 1.7.481 devices. Besides the standard web interface, the device has an OpenWRT interface that grants the highest privileges a user can obtain on the device. This web interface uses root as the username and the password stored in the /etc/cmh/cmh.conf file. An attacker can extract this password using a directory traversal attack and then log in to the device with the highest privileges.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Getvera | Veraedge Firmware | <= 1.7.19 |
| Getvera | Veralite Firmware | <= 1.7.481 |
References
- http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html (Third Party Advisory, VDB Entry)
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf (Exploit, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Jun/8 (Mailing List, Third Party Advisory)
Source: NVD / NIST
