PT-2019-8650 · Vera · Veraedge+1

Mandar Satam · Published 2019-06-17 · Updated 2019-06-20 · CVE-2017-9381

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vera VeraEdge version 1.7.19
Vera Veralite version 1.7.481

Description
An issue was discovered where the device does not implement any cross-site request forgery (CSRF) protection mechanism. This allows an attacker to trick a user into visiting an attacker-controlled page that, through the user's browser, installs or deletes an application on the device via the web management interface. The lack of CSRF protection is a systemic issue affecting all other functionalities of the device as well.

Recommendations
For Vera VeraEdge version 1.7.19, consider disabling the web management interface until a patch is available, to prevent exploitation. For Vera Veralite version 1.7.481, restrict access to the web management interface to minimize the risk of exploitation. As a temporary workaround, avoid using the web management interface to install or delete applications until the issue is resolved.
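To make the missing control concrete, the following is an added example (not code from Vera or from this advisory) of what a CSRF protection mechanism looks like in a device web management interface. It contrasts an unprotected handler, which accepts any request that carries a valid session, with a hardened one that accepts state-changing requests only over POST, only from the device's own origin, and only with a per-session token the cross-site page cannot know. The endpoint paths, the device origin and the session layout are assumptions constructed for the example, not the real Vera interface.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical state-changing endpoints of a device web UI (constructed for
# this example; they are not the real Vera paths).
STATE_CHANGING = {"/app/install", "/app/delete"}
# Assumed origin the device UI is served from.
TRUSTED_ORIGIN = "https://device.local"


def issue_session():
    """Create a logged-in session carrying a fresh, unguessable CSRF token."""
    return {"id": secrets.token_hex(16), "csrf": secrets.token_urlsafe(32)}


def handle_request_unprotected(method, path, headers, form, session):
    """The vulnerable shape: a valid session cookie is the only check, so any
    page the browser visits can drive these endpoints with the user's session."""
    if session is None:
        return 401
    return 200


def origin_allowed(headers):
    """Same-origin check on the Origin header, falling back to Referer.
    Browsers attach one of them to cross-site form posts; a request with
    neither is refused rather than trusted."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == TRUSTED_ORIGIN


def handle_request_protected(method, path, headers, form, session):
    """Hardened handler: returns an HTTP status code for the request.
    Non-mutating paths pass through; mutating paths require POST, a trusted
    origin, and a form token equal to the session's token."""
    if session is None:
        return 401
    if path not in STATE_CHANGING:
        return 200
    if method != "POST":
        # GET must never change state, or an <img src=...> on any page would do it.
        return 405
    if not origin_allowed(headers):
        return 403
    token = form.get("csrf_token", "")
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403
    return 200


def demo():
    """Run both handlers over constructed requests and return the status codes."""
    session = issue_session()
    same_site = {"Origin": TRUSTED_ORIGIN}
    cross_site = {"Origin": "https://third-party.example"}  # constructed
    with_token = {"app": "example-plugin", "csrf_token": session["csrf"]}
    no_token = {"app": "example-plugin"}
    cases = {
        # (method, path, headers, form)
        "user_install":      ("POST", "/app/install", same_site, with_token),
        "cross_site_post":   ("POST", "/app/delete", cross_site, no_token),
        "cross_site_get":    ("GET", "/app/delete", cross_site, {}),
        "same_site_no_token": ("POST", "/app/delete", same_site, no_token),
        "read_only_page":    ("GET", "/status", cross_site, {}),
    }
    results = {}
    for name, (method, path, headers, form) in cases.items():
        results[name] = (
            handle_request_unprotected(method, path, headers, form, session),
            handle_request_protected(method, path, headers, form, session),
        )
    return results


if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print(f"{name:20s} unprotected={before} protected={after}")
```

The unprotected handler returns 200 for every case, which is the behaviour the advisory describes. The protected handler still serves the legitimate same-site install and the read-only page, but rejects the cross-site POST and GET and the same-site request that lacks the token. Checking the origin and the token together is deliberate: the origin check alone fails when a browser omits both headers, and the token alone offers no defence if the token ever leaks into a page the attacker can read.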

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers

CVE-2017-9381

Affected Products

Veraedge
Veralite