Details of VAR-201906-0836

ID

VAR-201906-0836

CVE

CVE-2017-9392

TITLE

Vera VeraEdge and Veralite Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014529

DESCRIPTION

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "request_image" as one of the service actions for a normal user to retrieve an image from a camera that is controlled by the controller. It seems that the "res" (resolution) parameter passed in the query string is not sanitized and is stored on the stack which allows an attacker to overflow the buffer. The function "LU::Generic_IP_Camera_Manager::REQ_Image" is activated when the lu_request_image is passed as the "id" parameter in the query string. This function then calls "LU::Generic_IP_Camera_Manager::GetUrlFromArguments". This function retrieves all the parameters passed in the query string including "res" and then uses the value passed in it to fill up buffer using the sprintf function. However, the function in this case lacks a simple length check and as a result an attacker who is able to send more than 184 characters can easily overflow the values stored on the stack including the $RA value and thus execute code on the device. Vera VeraEdge and Veralite The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit this vulnerability to execute code on the device

Trust: 1.8

sources: NVD: CVE-2017-9392 // JVNDB: JVNDB-2017-014529 // VULHUB: VHN-117595 // VULMON: CVE-2017-9392

IOT TAXONOMY

category:

['home & office device']

sub_category:

smart home controller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	getvera	model:	veralite	scope:	lte	version:	1.7.481	Trust: 1.0
vendor:	getvera	model:	veraedge	scope:	lte	version:	1.7.19	Trust: 1.0
vendor:	vera control	model:	veraedge	scope:	eq	version:	1.7.19	Trust: 0.8
vendor:	vera control	model:	veralite	scope:	eq	version:	1.7.481	Trust: 0.8

sources: JVNDB: JVNDB-2017-014529 // NVD: CVE-2017-9392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9392
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9392
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201706-116
value:	HIGH
Trust: 0.6
VULHUB:	VHN-117595
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-9392
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-9392
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-117595
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9392
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-117595 // VULMON: CVE-2017-9392 // JVNDB: JVNDB-2017-014529 // CNNVD: CNNVD-201706-116 // NVD: CVE-2017-9392

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-117595 // JVNDB: JVNDB-2017-014529 // NVD: CVE-2017-9392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-116

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201706-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014529

PATCH

title:	VeraEdge	url:	https://getvera.com/controllers/veraedge/	Trust: 0.8
title:	VeraLite	url:	https://getvera.com/controllers/veralite/	Trust: 0.8
title:	IoT_vulnerabilities	url:	https://github.com/ethanhunnt/IoT_vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-9392 // JVNDB: JVNDB-2017-014529

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9392	Trust: 2.8
db:	PACKETSTORM	id:	153242	Trust: 1.9
db:	JVNDB	id:	JVNDB-2017-014529	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-116	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-117595	Trust: 0.1
db:	VULMON	id:	CVE-2017-9392	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-117595 // VULMON: CVE-2017-9392 // JVNDB: JVNDB-2017-014529 // PACKETSTORM: 153242 // CNNVD: CNNVD-201706-116 // NVD: CVE-2017-9392

REFERENCES

url:	https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/vera_sec_issues.pdf	Trust: 2.6
url:	https://seclists.org/bugtraq/2019/jun/8	Trust: 1.8
url:	http://packetstormsecurity.com/files/153242/veralite-veraedge-router-xss-command-injection-csrf-traversal.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9392	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9392	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ethanhunnt/iot_vulnerabilities	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9381	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9389	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9390	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9386	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9383	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9387	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9382	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9384	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-117595 // VULMON: CVE-2017-9392 // JVNDB: JVNDB-2017-014529 // PACKETSTORM: 153242 // CNNVD: CNNVD-201706-116 // NVD: CVE-2017-9392

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153242

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-117595
db:	VULMON	id:	CVE-2017-9392
db:	JVNDB	id:	JVNDB-2017-014529
db:	PACKETSTORM	id:	153242
db:	CNNVD	id:	CNNVD-201706-116
db:	NVD	id:	CVE-2017-9392

LAST UPDATE DATE

2025-01-30T21:41:02.425000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-117595	date:	2019-06-20T00:00:00
db:	VULMON	id:	CVE-2017-9392	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-014529	date:	2019-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201706-116	date:	2019-06-21T00:00:00
db:	NVD	id:	CVE-2017-9392	date:	2024-11-21T03:36:02.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-117595	date:	2019-06-17T00:00:00
db:	VULMON	id:	CVE-2017-9392	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-014529	date:	2019-06-24T00:00:00
db:	PACKETSTORM	id:	153242	date:	2019-06-07T15:06:02
db:	CNNVD	id:	CNNVD-201706-116	date:	2017-06-06T00:00:00
db:	NVD	id:	CVE-2017-9392	date:	2019-06-17T21:15:09.613