CVE-2017-9383 Information
Description
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be reached via port 80 using the URL path /port_3480. The UPnP services expose "wget" as one of the service actions, which allows a normal (low-privileged) user to make the device connect to an external website. The action retrieves the parameter "URL" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of that website.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf
https://seclists.org/bugtraq/2019/Jun/8
CVSS v3.0 Base Metrics (from the vector above)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction Required: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.9
Base Severity: CRITICAL