Vulnerabilities > CVE-2017-9385 - Credentials Management vulnerability in Getvera Veraedge Firmware and Veralite Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

getvera

CWE-255

critical

NVD

Published: 2019-06-17

Updated: 2019-06-20

Summary

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.

Vulnerable Configurations

Part	Description	Count
OS	Getvera Getvera Veraedge Firmware 1.7.19 Getvera Veralite Firmware 1.7.481	2
Hardware	Getvera Getvera Veraedge - Getvera Veralite -	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References