Showing 1 - 1 of 1

CVE-2017-9385

Status Candidate

Overview

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.

Related Files

Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal: Posted Jun 7, 2019; Authored by Mandar Satam; Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities.; tags | exploit, vulnerability, code execution, xss, csrf; advisories | CVE-2017-9381, CVE-2017-9382, CVE-2017-9383, CVE-2017-9384, CVE-2017-9385, CVE-2017-9386, CVE-2017-9387, CVE-2017-9388, CVE-2017-9389, CVE-2017-9390, CVE-2017-9391, CVE-2017-9392; SHA-256 | 9a3839e47c79056657dd7803e7b6ea7a01b1c590d3a5dec1a31c8e2a24802a82; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2017-9385

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems