📦 Verasmart

Calero VeraSMART versions before 2022 R1 expose an unauthenticated .NET Remoting service on port 8001, allowing remote attackers to read/write arbitrary files and potentially achieve remote code execu...

This vulnerability allows attackers to achieve remote code execution on Calero VeraSMART servers by exploiting static ASP.NET machine keys. Attackers can craft malicious ViewState payloads that bypass...

Calero VeraSMART versions before 2026 R1 contain hardcoded AES encryption keys in the Veramark.Framework.dll file. This allows attackers with local system access to decrypt service account credentials...