MiCasaVerde VeraLite UPnP RCE

Critical Nessus Plugin ID 93911


The remote device is affected by a remote code execution vulnerability.


The remote MiCasaVerde VeraLite Smart Home Controller is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via the UPnP RunLua action, to execute arbitrary shell commands as root.

Note that MiCasaVerde VeraLite is reportedly affected by additional vulnerabilities; however, Nessus has not tested for these.


The vendor has stated that they will not patch the vulnerability.

See Also



Plugin Details

Severity: Critical

ID: 93911

File Name: micasaverde_veralite_runlua.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 2016/10/07

Modified: 2018/11/15

Dependencies: 35712

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2013/08/01

Reference Information

CVE: CVE-2013-4863

BID: 61591

EDB-ID: 27286