CVE-2017-9382

Name of the Vulnerable Software and Affected Versions Vera VeraEdge version 1.7.19 Veralite version 1.7.481

Description An issue was discovered in the UPnP services provided by the device, which are available on port 3480 and can also be accessed via port 80 using the url "/port 3480". The UPnP services provide "file" as one of the service actions, allowing a normal user to read a file stored under the /etc/cmh-lu folder. The parameters query string variable is used to retrieve the value, which is then passed to the internal function FileUtils::ReadFileIntoBuffer. This function does not perform any sanitization on the submitted value, allowing an attacker to use directory traversal characters "../" and read files from other folders within the device.

Recommendations For Vera VeraEdge version 1.7.19, consider disabling the UPnP services on port 3480 and restrict access to the "/port 3480" url until a patch is available. For Veralite version 1.7.481, consider disabling the UPnP services on port 3480 and restrict access to the "/port 3480" url until a patch is available. As a temporary workaround, consider restricting the use of the FileUtils::ReadFileIntoBuffer function until a patch is available.