QwikSec

Security Database

CVE

CWE

Training

CVE-2017-9385

Published: Jun 17, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20190609 Newly releases IoT security issues

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html

x_refsource_MISC

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.