CVE-2017-9382
Description
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the URL "/port_3480". The UPnP services provide "file" as one of the service actions, which lets a normal user read a file stored under the /etc/cmh-lu folder. The action retrieves the value from the "parameters" query string variable and passes it to an internal function, "FileUtils::ReadFileIntoBuffer", a library function that does not perform any sanitization on the value submitted. This allows an attacker to use the directory traversal characters "../" to read files from other folders within the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
VeraEdge and Veralite UPnP service on port 3480 allows directory traversal via the 'file' action's 'parameters' parameter, enabling arbitrary file read.
Vulnerability
The VeraEdge firmware version 1.7.19 and Veralite firmware version 1.7.481 contain a directory traversal vulnerability in their UPnP services. The UPnP interface is available on port 3480 and can also be accessed via port 80 using the URL /port_3480 [1]. The service provides a file action intended to read files from the /etc/cmh-lu folder. The action retrieves the file path from the parameters query string variable and passes it unsanitized to the internal function FileUtils::ReadFileIntoBuffer. Because no sanitization is performed, an attacker can supply directory traversal sequences such as ../ to read arbitrary files from other directories on the device [1].
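The containment check that the file action lacks, as an added example (not Vera's firmware code and not taken from the advisory): resolve_in_base is a hypothetical helper that takes the already URL-decoded "parameters" value and rejects any name that would leave /etc/cmh-lu. It assumes a purely lexical check; symlinks inside the folder are not resolved.

```c
#include <stdio.h>
#include <string.h>

#define BASE_DIR "/etc/cmh-lu"   /* folder named in the CVE description */

/* Hypothetical helper (not from the firmware): builds BASE_DIR/<requested>
 * into out and returns 0 only if the name stays inside BASE_DIR.
 * The check is lexical: it walks path components and tracks depth, so it
 * needs no filesystem access. It does not resolve symlinks. */
int resolve_in_base(const char *requested, char *out, size_t outlen)
{
    int depth = 0;
    const char *p = requested;

    if (requested == NULL || *requested == '\0' || *requested == '/')
        return -1;                      /* empty or absolute path */

    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return -1;              /* ".." climbs above BASE_DIR */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name descends one level */
        }
        p += len;
        while (*p == '/')
            p++;                        /* skip separator(s) */
    }
    if (depth == 0)
        return -1;                      /* resolves to BASE_DIR itself, not a file */

    int n = snprintf(out, outlen, "%s/%s", BASE_DIR, requested);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* would not fit: refuse, never truncate */
    return 0;
}

int main(void)
{
    /* Constructed sample values for the "parameters" query variable. */
    const char *samples[] = { "example.lua", "sub/../example.lua",
                              "../other/file", "sub/../../other/file", "/abs/file" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               resolve_in_base(samples[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

The depth counter rejects a request as soon as any prefix of the path climbs above the base folder, so a name that dips out and comes back in is refused as well.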
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the device's UPnP endpoint (port 3480 or port 80 via /port_3480). The attacker does not require authentication. The attack involves providing a parameters query string value containing directory traversal characters (e.g., ../) to escape the intended /etc/cmh-lu folder and specify a target file path on the device [1]. No user interaction or special network position beyond network access to the device is needed.
Impact
Successful exploitation allows an unauthenticated attacker to read any file on the device that is accessible to the UPnP process. This can lead to disclosure of sensitive information, including configuration files, credentials, or other system data. The impact is limited to information disclosure; the attacker does not gain code execution or write access via this vulnerability [1].
Mitigation
As of the publication date (2019-06-17), no firmware updates addressing this vulnerability were available for VeraEdge or Veralite devices. Users should monitor the vendor's official channels for patches. If a fix is not provided, network segmentation and restricting access to ports 3480 and 80 to trusted networks only can reduce the risk of exploitation [1]. There is no indication that this CVE is listed in the CISA KEV catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Vera/VeraEdge
- Range: = 1.7.481
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html (mitre, x_refsource_MISC)
- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)