← Back

Vera Edge Firmware

vera_edge_firmware

Vendor: Getvera • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-15498
1Getvera
1Vera Edge Firmware
Nov 21, 2024
Aug 23, 2019
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
CVE-2019-13598
1Getvera
1Vera Edge Firmware
Nov 21, 2024
Jul 14, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipp...Show more
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.Show less