VYPR

Edge Home Controller

by Vera

CVEs (2)

  • CVE-2019-13598CriJul 14, 2019
    risk 0.64cvss 9.8epss 0.04

    LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.

  • CVE-2019-15498HigAug 23, 2019
    risk 0.57cvss 8.8epss 0.03

    cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.