CVE-2017-9383

Name of the Vulnerable Software and Affected Versions Vera VeraEdge version 1.7.19 Veralite version 1.7.481

Description An issue was discovered on Vera devices, where the UPnP services available on port 3480 and accessible via port 80 using the url "/port 3480" provide a "wget" service action. This action retrieves the URL parameter from the query string and passes it to an internal function that uses the curl module to retrieve the contents of the website.

Recommendations For Vera VeraEdge version 1.7.19, consider disabling the "wget" service action to prevent exploitation until a patch is available. For Veralite version 1.7.481, restrict access to the "/port 3480" url to minimize the risk of exploitation. As a temporary workaround, avoid using the URL parameter in the affected UPnP service until the issue is resolved.