Vulnerabilities > CVE-2017-9385 - Credentials Management vulnerability in Getvera Veraedge Firmware and Veralite Firmware

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

getvera

CWE-255

NVD

Published: 2019-06-17

Updated: 2019-06-20

Summary

An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.

Vulnerable Configurations

Part	Description	Count
OS	Getvera Getvera Veraedge Firmware * Getvera Veralite Firmware *	2
Hardware	Getvera Getvera Veraedge - Getvera Veralite -	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References