Critical severity9.8NVD Advisory· Published Jun 17, 2019· Updated Jun 17, 2026
CVE-2017-9385
CVE-2017-9385
Description
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Vera/Veralitedescription
Patches
Vulnerability mechanics
References
3- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdfnvdExploitThird Party Advisory
- packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/bugtraq/2019/Jun/8nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.