Getvera: >> Vera Edge Firmware Security Vulnerabilities
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
CVSS Score
8.8
EPSS Score
0.019
Published
2019-08-23
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
CVSS Score
9.8
EPSS Score
0.094
Published
2019-07-14