Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-18327

Malware in sbrugna...

9CVSS8.8AI score0.04158EPSS
Exploits1References5
NVD
NVD
added 2019/06/17 8:15 p.m.12 views

CVE-2017-9390

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

6.1CVSS6.5AI score0.01533EPSS
Exploits1References3
NVD
NVD
added 2019/06/17 8:15 p.m.15 views

CVE-2017-9382

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...

6.5CVSS6.4AI score0.0365EPSS
Exploits1References3
Prion
Prion
added 2019/06/17 8:15 p.m.13 views

Code injection

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal...

6.5CVSS7.1AI score0.0251EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2019/06/17 8:15 p.m.18 views

Input validation

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

4.3CVSS7.4AI score0.01533EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2019/06/17 8:15 p.m.11 views

Directory traversal

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...

4CVSS6.7AI score0.0365EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2019/06/17 8:15 p.m.16 views

Directory traversal

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...

4CVSS7AI score0.0314EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2019/06/17 8:12 p.m.68 views

CVE-2017-9392

Vera Edge 1.7.19 and Veralite 1.7.481 expose a UPnP action (request_image) on port 3480 (and port 80 via /port_3480). The res parameter in the query is unsafely copied into a stack buffer by LU::Generic_IP_Camera_Manager::GetUrlFromArguments using sprintf without length checks, enabling buffer ov...

9CVSS8.8AI score0.04158EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/06/17 8:5 p.m.73 views

CVE-2017-9391

CVE-2017-9391 affects Vera VeraEdge 1.7.19 and Veralite 1.7.481. A UPnP action (request_image) exposed on ports 3480/80 allows unsanitized URL parameters to be stored on the stack, enabling a buffer overflow when more than 1336 characters are supplied. The overflow targets stack values including ...

9CVSS8.8AI score0.04158EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/17 8:5 p.m.23 views

CVE-2017-9391

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...

8.9AI score0.04158EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/06/17 7:52 p.m.15 views

CVE-2017-9382

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...

6.4AI score0.0365EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/06/17 7:41 p.m.19 views

CVE-2017-9383

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal...

9.4AI score0.0251EPSS
Exploits1References3
CVE
CVE
added 2019/06/17 7:41 p.m.71 views

CVE-2017-9383

The CVE-2017-9383 entry applies to Vera VeraEdge 1.7.19 and Veralite 1.7.481. UPnP services are exposed on port 3480 (and accessible via /port_3480 on port 80) and expose a “wget” action that allows a normal user to connect the device to an external website. The exploit path retrieves the query p...

9.9CVSS9.2AI score0.0251EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/06/17 7:31 p.m.80 views

CVE-2017-9386

The CVE-2017-9386 entry concerns Vera VeraEdge (1.7.19) and Veralite (1.7.481). A script file get_file.sh on the device allows a user to read files within the cmh-ext folder, but the filename parameter is not properly validated, enabling directory traversal outside /cmh-ext to read arbitrary file...

6.5CVSS6.5AI score0.0314EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/17 7:31 p.m.26 views

CVE-2017-9386

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...

6.5AI score0.0314EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/06/17 7:26 p.m.22 views

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...

8.9AI score0.04301EPSS
Exploits1References3
CVE
CVE
added 2019/06/17 7:26 p.m.64 views

CVE-2017-9389

CVE-2017-9389 affects Vera VeraEdge (1.7.19) and Veralite (1.7.481). The web UI allows users to install and write Lua applications without authentication. A POST carries user-provided Lua code to the LuaUPNP daemon, which handles it in LU::JobHandler_LuaUPnP::RunLua and passes the code to LU::Lua...

9CVSS8.8AI score0.04301EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/17 7:4 p.m.19 views

CVE-2017-9390

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

6.5AI score0.01533EPSS
Exploits1References3
CVE
CVE
added 2019/06/17 7:4 p.m.68 views

CVE-2017-9390

Vulnerability CVE-2017-9390 affects Vera VeraEdge (1.7.19) and Veralite (1.7.481). The connect.sh script authenticates to home.getvera.com but fails to validate the RedirectURL parameter, allowing an attacker to execute client-side code in the application. This describes an input validation flaw ...

6.1CVSS6.4AI score0.01533EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2019/06/17 6:15 p.m.17 views

CVE-2017-9381

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...

8.8CVSS8.7AI score0.01128EPSS
Exploits1References3
Rows per page
Query Builder