MiCasaVerde VeraLite UPnP RCE

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a remote code execution
vulnerability.

Description :

The remote MiCasaVerde VeraLite Smart Home Controller is affected by a
remote code execution vulnerability. An unauthenticated, remote
attacker can exploit this, via the UPnP RunLua action, to execute
arbitrary shell commands as root.

Note that MiCasaVerde VeraLite is reportedly affected by additional
vulnerabilities; however, Nessus has not tested for these.

See also :

http://getvera.com/controllers/veralite/
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt

Solution :

The vendor has stated that they will not patch the vulnerability.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 93911

Bugtraq ID: 61591

CVE ID: CVE-2013-4863
