Lucene search

K

Getvera Security Vulnerabilities

cve
cve

CVE-2019-15498

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to...

8.8CVSS

9.1AI Score

0.004EPSS

2019-08-23 04:15 AM
29
cve
cve

CVE-2019-13598

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is...

9.8CVSS

9.8AI Score

0.032EPSS

2019-07-14 06:15 PM
112
cve
cve

CVE-2017-9391

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "request_image" as one of the service actions for....

8.8CVSS

8.8AI Score

0.017EPSS

2019-06-17 09:15 PM
46
cve
cve

CVE-2017-9392

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "request_image" as one of the service actions for....

8.8CVSS

8.8AI Score

0.017EPSS

2019-06-17 09:15 PM
46
cve
cve

CVE-2017-9382

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "file" as one of the service actions for a normal....

6.5CVSS

6.3AI Score

0.01EPSS

2019-06-17 08:15 PM
44
cve
cve

CVE-2017-9383

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal....

9.9CVSS

9.2AI Score

0.018EPSS

2019-06-17 08:15 PM
44
cve
cve

CVE-2017-9386

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows...

6.5CVSS

6.5AI Score

0.008EPSS

2019-06-17 08:15 PM
59
cve
cve

CVE-2017-9385

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the...

9.8CVSS

9.4AI Score

0.049EPSS

2019-06-17 08:15 PM
46
cve
cve

CVE-2017-9390

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script...

6.1CVSS

6.4AI Score

0.005EPSS

2019-06-17 08:15 PM
42
cve
cve

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the...

8.8CVSS

8.8AI Score

0.039EPSS

2019-06-17 08:15 PM
43
cve
cve

CVE-2017-9387

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a...

5.4CVSS

5.3AI Score

0.001EPSS

2019-06-17 08:15 PM
40
cve
cve

CVE-2017-9381

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...

8.8CVSS

8.5AI Score

0.004EPSS

2019-06-17 06:15 PM
42
cve
cve

CVE-2017-9384

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which allows the device to create relay ports...

8.8CVSS

8.9AI Score

0.024EPSS

2019-06-17 06:15 PM
44
cve
cve

CVE-2017-9388

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific...

8.8CVSS

8.8AI Score

0.024EPSS

2019-06-17 05:15 PM
45