N/A

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "file" as one of the service actions for a normal user to read a file that is stored under the /etc/cmh-lu folder. It retrieves the value from the "parameters" query string variable and then passes it to an internal function "FileUtils::ReadFileIntoBuffer" which is a library function that does not perform any sanitization on the value submitted and this allows an attacker to use directory traversal characters "../" and read files from other folders within the device.

N/A

N/A

Vera VeraEdge和Veralite 路径遍历漏洞

FileUtils是一款开源的文件管理工具。 Vera VeraEdge 1.7.19版本和Veralite 1.7.481版本中存在安全漏洞，该漏洞源于程序没有过滤用户提交的值。攻击者可借助目录遍历字符‘../’利用该漏洞读取其他文件的内容。

N/A

N/A