Vulnerabilities > Getvera

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-15498 Argument Injection or Modification vulnerability in Getvera Vera Edge Firmware 1.7.4452
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
network
low complexity
getvera CWE-88
8.8
2019-07-14 CVE-2019-13598 OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
network
low complexity
getvera CWE-78
critical
9.8
2019-06-17 CVE-2017-9392 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-119
8.8
2019-06-17 CVE-2017-9391 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-119
8.8
2019-06-17 CVE-2017-9390 Cross-site Scripting vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-79
6.1
2019-06-17 CVE-2017-9389 Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-287
8.8
2019-06-17 CVE-2017-9387 Cross-site Scripting vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-79
5.4
2019-06-17 CVE-2017-9386 Path Traversal vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-22
6.5
2019-06-17 CVE-2017-9385 Credentials Management vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera Veralite 1.7.481 devices.
network
low complexity
getvera CWE-255
critical
9.8
2019-06-17 CVE-2017-9383 Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices.
network
low complexity
getvera CWE-287
critical
9.9