CVE-2017-9386

Name of the Vulnerable Software and Affected Versions Vera VeraEdge version 1.7.19 Vera Veralite version 1.7.481

Description An issue was discovered on Vera devices, where a script file called "get file.sh" allows a user to retrieve any file stored in the "cmh-ext" folder. However, the filename parameter is not validated correctly, allowing an attacker to directory traverse outside the /cmh-ext folder and read any file on the device. To exploit this, an attacker must first create the "cmh-ext" folder on the device in an unauthenticated fashion, and then execute a directory traversal attack.

Recommendations For Vera VeraEdge version 1.7.19, consider disabling the "get file.sh" script until a patch is available. For Vera Veralite version 1.7.481, restrict access to the "cmh-ext" folder to minimize the risk of exploitation. As a temporary workaround, avoid using the filename parameter in the affected script until the issue is resolved.