Vulnerability Description
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getvera | Veraedge Firmware | <= 1.7.19 |
| Getvera | Veraedge | - |
| Getvera | Veralite Firmware | <= 1.7.481 |
| Getvera | Veralite | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-CommandThird Party AdvisoryVDB Entry
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdExploitThird Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-CommandThird Party AdvisoryVDB Entry
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdExploitThird Party Advisory
- https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
FAQ
What is CVE-2017-9385?
CVE-2017-9385 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain...
How severe is CVE-2017-9385?
CVE-2017-9385 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9385?
Check the references section above for vendor advisories and patch information. Affected products include: Getvera Veraedge Firmware, Getvera Veraedge, Getvera Veralite Firmware, Getvera Veralite.