How severe is CVE-2017-9386?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-9386?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2017-9386 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows an attacker to directory traverse outside the /cmh-ext folder and read any file on the device. It is necessary to create the folder "cmh-ext" on the device which can be executed by an attacker first in an unauthenticated fashion and then execute a directory traversal attack.

Related Vulnerabilities

CVE-2009-4053

MEDIUM

CVSS:6.5(Medium)

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (...

CWE-222009

CVE-2009-4449

MEDIUM

CVSS:6.5(Medium)

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine th...

CWE-222009

CVE-2011-4350

MEDIUM

CVSS:6.5(Medium)

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafte...

CWE-222011

CVE-2013-1597

MEDIUM

CVSS:6.5(Medium)

A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.

CWE-222013

CVE-2013-1891

MEDIUM

CVSS:6.5(Medium)

In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.

CWE-222013

CVE-2013-3993

MEDIUM

CVSS:6.5(Medium)

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified ...

CWE-222013