Daniel Crowley

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408 Description: The issue allows remote authenticated users to update the firmware via the `squashfs` parameter to `upgrade step2.sh` or obtain hashed passwords via the "cgi-bin/cmh/backup.sh" page. This is due to improper access restriction. Recommendations: For MiCasaVerde VeraLite version 1.5.408, consider restricting access to the `upgrade step2.sh` function and the "cgi-bin/cmh/backup.sh" page until a patch is available. As a temporary workaround, limit the use of the `squashfs` parameter to prevent unauthorized firmware updates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408 Description: The issue allows remote authenticated users to read arbitrary files via a .. (dot dot) in the `filename` parameter in the cgi-bin/cmh/get file.sh script. Recommendations: For version 1.5.408, consider restricting access to the cgi-bin/cmh/get file.sh script until a patch is available. As a temporary workaround, avoid using the `filename` parameter with .. (dot dot) sequences in the affected script. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408 Description: The issue allows remote attackers to send HTTP requests to intranet servers via the `url` parameter to "cgi-bin/cmh/proxy.sh", related to a Server-Side Request Forgery (SSRF) issue. This means an attacker can trick the server into making requests to internal resources that are not exposed to the external network. Recommendations: For MiCasaVerde VeraLite version 1.5.408, as a temporary workaround, consider restricting access to the "cgi-bin/cmh/proxy.sh" endpoint to minimize the risk of exploitation. Avoid using the `url` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408 Description: The issue allows remote attackers to execute arbitrary Lua code via a RunLua action in a request to "upnp/control/hag" on port 49451. Additionally, remote authenticated users can execute arbitrary Lua code via a RunLua action in a request to "port 49451/upnp/control/hag". Recommendations: For version 1.5.408, consider disabling the RunLua action in the HomeAutomationGateway service as a temporary workaround until a patch is available. Restrict access to the "upnp/control/hag" endpoint on port 49451 to minimize the risk of exploitation. Avoid using the RunLua action in requests to "port 49451/upnp/control/hag" until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MiCasaVerde VeraLite version 1.5.408 Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests, enabling the installation of arbitrary firmware via the `squashfs` parameter. This can be exploited by sending malicious requests to the affected system. Recommendations: For MiCasaVerde VeraLite version 1.5.408, consider restricting access to the `upgrade step2.sh` script and the `squashfs` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `squashfs` parameter in requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Karotz API version 12.07.19.00 **Description** The issue concerns a session token information disclosure in the Karotz API. **Recommendations** For Karotz API version 12.07.19.00, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Electronic Arts Karotz Smart Rabbit version 12.07.19.00 **Description** The issue allows Python module hijacking. **Recommendations** For version 12.07.19.00, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all Echelon i.LON 600 versions all **Description** The issue concerns the default configuration of the devices, which allows unencrypted Web connections. Additionally, the devices can receive configuration and firmware updates via unsecure FTP. **Recommendations** For Echelon SmartServer 1, update the configuration to use encrypted Web connections and secure FTP for updates. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later to address the issue. For Echelon i.LON 100, consider disabling unencrypted Web connections and unsecure FTP updates until a secure configuration can be implemented. For Echelon i.LON 600, restrict the use of unsecure FTP for configuration and firmware updates until a secure alternative is available.

**Name of the Vulnerable Software and Affected Versions** Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all Echelon i.LON 600 versions all **Description** The issue concerns the storage of passwords in plaintext, which could allow an attacker with access to the configuration file to log into the SmartServer web user interface. **Recommendations** For Echelon SmartServer 1, update the configuration to securely store passwords. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, consider implementing additional security measures to protect access to the configuration file. For Echelon i.LON 600, restrict access to the configuration file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all **Description** The issue allows an attacker to use the SOAP API to retrieve and change sensitive configuration items, including usernames and passwords for the Web and FTP servers. **Recommendations** For Echelon SmartServer 1, update to a version that is not specified as there is no information on a fixed version. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LIXIL Corporation My SATIS Genius Toilet application for Android (affected versions not specified) **Description** The issue concerns a hardcoded Bluetooth PIN in the application, allowing physically proximate attackers to cause physical resource consumption, such as water or heat, or user discomfort. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.