Vulnerability Details CVE-2019-13598
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.094
EPSS Ranking 92.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-13598
-
cpe:2.3:h:getvera:vera_edge:-
-
cpe:2.3:o:getvera:vera_edge_firmware:1.7.4452