CVE-2017-9387

MEDIUM

Vera VeraEdge <1.7.19 - Info Disclosure

Title source: llm

Description

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser.

References (2)

Core 2

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Jun/8

Exploit, Third Party Advisory x_refsource_misc

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 42.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

getvera/veraedge_firmware < 1.7.19

getvera/veralite_firmware < 1.7.481

Published Jun 17, 2019

Tracked Since Feb 18, 2026