What is CVE-2017-9388?

CVE-2017-9388 is a vulnerability in Vera VeraEdge and Veralite devices that allows for XSS, command injection, CSRF, and traversal attacks.

How severe is CVE-2017-9388?

CVE-2017-9388 has a severity rating of 8.8 (critical).

Which devices are affected by CVE-2017-9388?

Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices are affected by CVE-2017-9388.

What is the risk of CVE-2017-9388?

CVE-2017-9388 exposes devices to various attacks, including XSS, command injection, CSRF, and traversal attacks, which can lead to unauthorized access and control of the device.

Is there a fix available for CVE-2017-9388?

Yes, it is recommended to update the firmware of the affected devices to a version that addresses the vulnerabilities.

Vulnerability/
CVE-2017-9388

critical

CWE

17/6/2019

20/6/2019

CVE-2017-9388: Command Injection

First published: Mon Jun 17 2019(Updated: )

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific request to and from from another website. This is primarily used as a method of communication between the device and Vera website when the user is logged in to the https://home.getvera.com and allows the device to communicate between the device and website. One of the parameters retrieved by this specific script is "url". This parameter is not sanitized by the script correctly and is passed in a call to "eval" to execute "curl" functionality. This allows an attacker to escape from the executed command and then execute any commands of his/her choice.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Getvera Vera Edge Firmware	<=1.7.19
Getvera Vera Edge
VeraLite Firmware	<=1.7.481
MiCasaVerde VeraLite

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-9388?
CVE-2017-9388 is a vulnerability in Vera VeraEdge and Veralite devices that allows for XSS, command injection, CSRF, and traversal attacks.
How severe is CVE-2017-9388?
CVE-2017-9388 has a severity rating of 8.8 (critical).
Which devices are affected by CVE-2017-9388?
Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices are affected by CVE-2017-9388.
What is the risk of CVE-2017-9388?
CVE-2017-9388 exposes devices to various attacks, including XSS, command injection, CSRF, and traversal attacks, which can lead to unauthorized access and control of the device.
Is there a fix available for CVE-2017-9388?
Yes, it is recommended to update the firmware of the affected devices to a version that addresses the vulnerabilities.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/references
agent/severity
agent/description
agent/author
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/getvera
canonical/getvera vera edge firmware
version/getvera vera edge firmware/1.7.19
canonical/getvera vera edge
canonical/veralite firmware
version/veralite firmware/1.7.481
canonical/micasaverde veralite

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.