CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Micasaverde 1Veralite Firmware Nov 21, 2024 Jan 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware...Show more |
1Micasaverde 1Veralite Firmware Nov 21, 2024 Jan 28, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. |
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote a...Show more |
1Micasaverde 1Veralite Firmware Nov 21, 2024 Jan 28, 2020 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwor...Show more |
1Micasaverde 1Veralite Firmware Nov 21, 2024 Jan 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. |