CVE-2017-9385 - Credentials Management vulnerability in Getvera Veraedge Firmware and Veralite Firmware

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, getvera, CWE-255

Summary

An issue was discovered on Vera Veralite 1.7.481 devices. In addition to the standard web interface, the device has an OpenWRT interface that allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password stored in the /etc/cmh/cmh.conf file. An attacker can extract that file using a directory traversal attack and then log in to the device with the highest privileges.

Vulnerable Configurations

Part      Description  Count
OS        Getvera      2
Hardware  Getvera      2

Common Weakness Enumeration (CWE)