Showing 1 - 1 of 1

CVE-2017-9390

Status Candidate

Overview

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.

Related Files

Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal: Posted Jun 7, 2019; Authored by Mandar Satam; Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities.; tags | exploit, vulnerability, code execution, xss, csrf; advisories | CVE-2017-9381, CVE-2017-9382, CVE-2017-9383, CVE-2017-9384, CVE-2017-9385, CVE-2017-9386, CVE-2017-9387, CVE-2017-9388, CVE-2017-9389, CVE-2017-9390, CVE-2017-9391, CVE-2017-9392; SHA-256 | 9a3839e47c79056657dd7803e7b6ea7a01b1c590d3a5dec1a31c8e2a24802a82; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 217 files
Ubuntu 101 files
Debian 23 files
Gentoo 23 files
tmrswrr 8 files
Amit Roy 4 files
Google Security Research 3 files
Furkan Eren Tetik 3 files
Aslam Anwar Mahimkar 3 files
ron190 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

CVE-2017-9390

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems