PT-2019-8654 · Vera+1 · Vera Veralite+1

Mandar Satam · Published 2019-06-17 · Updated 2019-06-20 · CVE-2017-9385

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Vera Veralite version 1.7.481
Description: An issue was discovered on the device, which exposes an additional OpenWRT web interface alongside the standard web interface. That interface grants the highest privileges a user can obtain on the device. It authenticates with the username root and the password stored in the /etc/cmh/cmh.conf file. An attacker can read that file through a directory traversal attack, recover the password, and then log in to the device with the highest privileges.
Recommendations: For Vera Veralite version 1.7.481, disable the OpenWRT interface as a temporary workaround until a patch is available, or at least restrict it to a trusted management network. Restrict access to the /etc/cmh/cmh.conf file to reduce the risk of exploitation; note that tighter file permissions only help if the process affected by the directory traversal does not itself run with rights to read the file, so this does not replace fixing the traversal. Avoid using the root account on the affected web interface until the issue is resolved, and treat the password stored in cmh.conf as exposed (change it, and do not reuse it elsewhere) if the device has been reachable by untrusted clients. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
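The attack chain in the description (a directory traversal that reads /etc/cmh/cmh.conf, followed by a root login on the OpenWRT interface) leaves a trace in the HTTP access log of the device or of any proxy in front of it. The following is an added detection example, not code from this advisory or from Vera: it scans constructed combined-format log lines for requests whose path or query values, after repeated percent-decoding, climb out of the web root or name cmh.conf. The /download endpoint and the file= parameter in the sample lines are hypothetical placeholders; the advisory does not name the vulnerable endpoint.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Files whose disclosure hands over the root credential described in the advisory.
SENSITIVE_FILES = ("etc/cmh/cmh.conf",)

# Virtual web root, used only to decide whether a normalised path climbs above it.
WEB_ROOT = "/webroot"

# Combined/common log format: client, identd, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log; the /download endpoint and file= parameter are hypothetical.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jun/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.5 - - [17/Jun/2019:10:00:02 +0000] "GET /download?file=../../../etc/cmh/cmh.conf HTTP/1.1" 200 1337
203.0.113.5 - - [17/Jun/2019:10:00:03 +0000] "GET /download?file=..%252f..%252fetc%252fcmh%252fcmh.conf HTTP/1.1" 200 1337
198.51.100.7 - - [17/Jun/2019:10:00:04 +0000] "GET /static/css/app.css HTTP/1.1" 200 4096
198.51.100.7 - - [17/Jun/2019:10:00:05 +0000] "GET /download?file=reports/2019/summary.txt HTTP/1.1" 200 200
"""


def fully_decode(s, max_rounds=3):
    """Undo repeated percent-encoding (e.g. ..%252f -> ..%2f -> ../)."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def escapes_root(path):
    """True if the string, normalised under WEB_ROOT, resolves above it."""
    joined = posixpath.join(WEB_ROOT, path.lstrip("/"))
    norm = posixpath.normpath(joined)
    return not (norm == WEB_ROOT or norm.startswith(WEB_ROOT + "/"))


def references_sensitive(path):
    """True if the decoded string names one of the credential-bearing files."""
    return any(name in path for name in SENSITIVE_FILES)


def candidate_strings(target):
    """The request path plus every query value, decoded and slash-normalised."""
    parts = urlsplit(target)
    raw = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return [fully_decode(r).replace("\\", "/") for r in raw]


def analyse(line):
    """Return a finding for one log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = [c for c in candidate_strings(m["target"])
            if escapes_root(c) or references_sensitive(c)]
    if not hits:
        return None
    status = int(m["status"])
    return {
        "ip": m["ip"],
        "timestamp": m["ts"],
        "target": m["target"],
        "decoded": hits,
        # A 2xx on a traversal request means the file contents most likely left the device.
        "likely_success": 200 <= status < 300,
    }


def scan(log_text):
    """Run analyse() over every line and keep the findings."""
    return [f for f in (analyse(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with likely_success set is the signal to act on the recommendations above: the root password held in cmh.conf should be treated as compromised, and logins to the OpenWRT interface from the same client after that timestamp are the follow-on step the advisory describes.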

Exploit


Weakness Enumeration

Related Identifiers

CVE-2017-9385

Affected Products

Openwrt
Vera Veralite