Design/Logic Flaw

2020-01-2817:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.6%

JSON

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.

CPENameOperatorVersion
veralite_firmwareeq1.5.408

CPE	Name	Operator	Version
	veralite_firmware	eq	1.5.408

References

packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html

www.exploit-db.com/exploits/27286

www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt