Vulnerabilities > Getvera > Vera Edge Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-14 CVE-2019-13598 OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
network
low complexity
getvera CWE-78
critical
 9.8
9.8