CVE-2017-9385
Description
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vera Veralite 1.7.481 exposes a privileged OpenWRT interface using root credentials from /etc/cmh/cmh.conf, which can be extracted via directory traversal, enabling full device compromise.
Vulnerability
Vera Veralite firmware version 1.7.481 exposes a second, OpenWRT-level web interface alongside the standard Vera web UI; this second interface grants the highest privileges a user can obtain on the device. It authenticates with the username root and a password that is stored in the file /etc/cmh/cmh.conf. A separate directory traversal vulnerability in the device's web server lets an attacker read that configuration file and so obtain the credentials for the highest-privilege account on the device [1].
Exploitation
The attacker needs network access to the device and must be able to send HTTP requests to the Vera Veralite web server. By exploiting the directory traversal flaw, the attacker reads files outside the intended web root, including /etc/cmh/cmh.conf, and extracts the root password from it. With that password the attacker logs in to the OpenWRT interface as root, which is the system root account rather than an application-level account, and gains full administrative control of the underlying Linux system [1]. The referenced advisory lists further issues in the same firmware (XSS, command injection, CSRF), but the credential exposure described here does not depend on them.
Impact
Successful exploitation results in complete compromise of the Vera Veralite device. The attacker obtains the highest possible privileges (root) on the device's Linux-based OpenWRT system, leading to full confidentiality, integrity, and availability loss. This can allow arbitrary command execution, modification of system files, interception of network traffic, and use of the device as a pivot point for further attacks [1].
Mitigation
The vendor has not released a fixed version for this vulnerability as of the publication date. Users should consider isolating the Vera Veralite device on a separate network segment, restricting access to the web interface to trusted hosts only, and monitoring for any suspicious activity. No workaround for the directory traversal or hardcoded credentials is available in the stated firmware version [1].
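The mitigation guidance above asks operators to monitor for suspicious activity, and the Exploitation section describes what that activity looks like: traversal sequences aimed at /etc/cmh/cmh.conf. The following is an added example, not code from this page, the vendor or the referenced advisories, of a small detector run over constructed access-log lines. The log format, client IPs and request paths (including the /cgi-bin/hypothetical.cgi endpoint) are assumptions made for the example; the page does not name the vulnerable endpoint. The detector decodes percent-encoding until the target is stable so single- and double-encoded variants are caught, and rates a hit as high severity when the server answered a sensitive-file request with a 2xx status.

```python
import re
from urllib.parse import unquote

# Constructed sample web-server access-log lines in combined-log style. They are
# illustrative only: the request paths are hypothetical and are not the real
# Veralite endpoints, which this page does not name.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2019:12:00:01 +0000] "GET /cgi-bin/index.html HTTP/1.1" 200 512
10.0.0.9 - - [10/Jun/2019:12:00:02 +0000] "GET /cgi-bin/hypothetical.cgi?file=../../../../etc/cmh/cmh.conf HTTP/1.1" 200 1024
10.0.0.9 - - [10/Jun/2019:12:00:03 +0000] "GET /cgi-bin/hypothetical.cgi?file=..%2f..%2f..%2fetc%2fcmh%2fcmh.conf HTTP/1.1" 200 1024
10.0.0.9 - - [10/Jun/2019:12:00:04 +0000] "GET /cgi-bin/hypothetical.cgi?file=%252e%252e%2f%252e%252e%2fetc%2fcmh%2fcmh.conf HTTP/1.1" 404 0
10.0.0.9 - - [10/Jun/2019:12:00:05 +0000] "GET /cgi-bin/hypothetical.cgi?file=....//....//etc/passwd HTTP/1.1" 200 800
10.0.0.7 - - [10/Jun/2019:12:00:06 +0000] "GET /static/app.js HTTP/1.1" 200 3000
"""

# Minimal combined-log parser: client IP, request target and status are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files whose appearance in a request target is a red flag on this device.
# /etc/cmh/cmh.conf is the file named in the CVE; the other two are generic
# Linux credential stores worth watching on any OpenWRT-based host.
SENSITIVE_FILES = ("/etc/cmh/cmh.conf", "/etc/passwd", "/etc/shadow")


def normalize_target(target: str, max_rounds: int = 3) -> str:
    """URL-decode until stable (defeats %2e%2e and double encoding such as %252e)
    and fold backslashes to forward slashes so '..\\' variants are caught too."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def classify_target(target: str) -> list:
    """Return the reasons a request target looks like a traversal attempt (empty if clean)."""
    norm = normalize_target(target)
    reasons = []
    if "../" in norm or norm.endswith(".."):
        reasons.append("traversal-sequence")
    for path in SENSITIVE_FILES:
        if path in norm:
            reasons.append("sensitive-target:" + path)
    return reasons


def scan_log(text: str) -> list:
    """Scan log text and return one finding dict per suspicious request."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        reasons = classify_target(match["target"])
        if not reasons:
            continue
        status = int(match["status"])
        # A 2xx response to a request naming a sensitive file means the file was
        # most likely served, i.e. the credential in cmh.conf is now in the attacker's hands.
        served = status < 300 and any(r.startswith("sensitive-target:") for r in reasons)
        findings.append({
            "line": lineno,
            "ip": match["ip"],
            "status": status,
            "normalized": normalize_target(match["target"]),
            "reasons": reasons,
            "severity": "high" if served else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['status']} {f['severity']} {f['reasons']} -> {f['normalized']}")
```

Run against the constructed sample, four of the six lines are flagged, all from 10.0.0.9; the 404 double-encoded attempt is rated medium, the 200 responses high. A high-severity hit against /etc/cmh/cmh.conf should be treated as a root credential compromise of the device, which in practice means taking the device off the network and rebuilding it, not just blocking the source address.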
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Vera/Veralite
- Range: = 1.7.481
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html (MISC)
- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf (MISC)
- seclists.org/bugtraq/2019/Jun/8 (BUGTRAQ mailing list)
News mentions
No linked articles in our index yet.