Directory traversal

2019-06-1720:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.

CPENameOperatorVersion
veraedge_firmwarele1.7.19
veralite_firmwarele1.7.481

CPE	Name	Operator	Version
	veraedge_firmware	le	1.7.19
	veralite_firmware	le	1.7.481

References

packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html

github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf

seclists.org/bugtraq/2019/Jun/8