Vulnerabilities > Getvera > Vera Edge Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-08-23 CVE-2019-15498 Argument Injection or Modification vulnerability in Getvera Vera Edge Firmware 1.7.4452
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
network
getvera CWE-88
critical
 9.3
9.3
2019-07-14 CVE-2019-13598 OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
network
low complexity
getvera CWE-78
critical
 10.0
10