24 matches found
EUVD-2017-18327
Malware in sbrugna...
CVE-2017-9390
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...
CVE-2017-9382
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...
Code injection
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal...
Input validation
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...
Directory traversal
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...
Directory traversal
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...
CVE-2017-9392
Vera Edge 1.7.19 and Veralite 1.7.481 expose a UPnP action (request_image) on port 3480 (and port 80 via /port_3480). The res parameter in the query is unsafely copied into a stack buffer by LU::Generic_IP_Camera_Manager::GetUrlFromArguments using sprintf without length checks, enabling buffer ov...
CVE-2017-9391
CVE-2017-9391 affects Vera VeraEdge 1.7.19 and Veralite 1.7.481. A UPnP action (request_image) exposed on ports 3480/80 allows unsanitized URL parameters to be stored on the stack, enabling a buffer overflow when more than 1336 characters are supplied. The overflow targets stack values including ...
CVE-2017-9391
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "requestimage" as one of the service actions for ...
CVE-2017-9382
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "file" as one of the service actions for a normal...
CVE-2017-9383
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal...
CVE-2017-9383
The CVE-2017-9383 entry applies to Vera VeraEdge 1.7.19 and Veralite 1.7.481. UPnP services are exposed on port 3480 (and accessible via /port_3480 on port 80) and expose a “wget” action that allows a normal user to connect the device to an external website. The exploit path retrieves the query p...
CVE-2017-9386
The CVE-2017-9386 entry concerns Vera VeraEdge (1.7.19) and Veralite (1.7.481). A script file get_file.sh on the device allows a user to read files within the cmh-ext folder, but the filename parameter is not properly validated, enabling directory traversal outside /cmh-ext to read arbitrary file...
CVE-2017-9386
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...
CVE-2017-9389
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...
CVE-2017-9389
CVE-2017-9389 affects Vera VeraEdge (1.7.19) and Veralite (1.7.481). The web UI allows users to install and write Lua applications without authentication. A POST carries user-provided Lua code to the LuaUPNP daemon, which handles it in LU::JobHandler_LuaUPnP::RunLua and passes the code to LU::Lua...
CVE-2017-9390
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...
CVE-2017-9390
Vulnerability CVE-2017-9390 affects Vera VeraEdge (1.7.19) and Veralite (1.7.481). The connect.sh script authenticates to home.getvera.com but fails to validate the RedirectURL parameter, allowing an attacker to execute client-side code in the application. This describes an input validation flaw ...
CVE-2017-9381
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...