LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the βNo unsafe lua allowedβ code block is skipped.
CPE | Name | Operator | Version |
---|---|---|---|
vera_edge_firmware | eq | 1.7.4452 |