VYPR

EdgeMAX EdgeSwitch

by Ubiquiti Inc

CVEs (10)

  • CVE-2015-9266CriSep 5, 2018
    risk 0.73cvss 9.8epss 0.74

    The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root…

  • CVE-2020-8234CriAug 21, 2020
    risk 0.64cvss 9.8epss 0.03

    A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.

  • CVE-2020-8233HigAug 17, 2020
    risk 0.58cvss 8.8epss 0.04

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

  • CVE-2019-5425HigApr 10, 2019
    risk 0.57cvss 8.8epss 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

  • CVE-2020-8126HigFeb 7, 2020
    risk 0.51cvss 7.8epss 0.01

    A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).

  • CVE-2025-48978HigAug 21, 2025
    risk 0.49cvss 7.5epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: …

  • CVE-2025-27211HigAug 4, 2025
    risk 0.49cvss 7.5epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.

  • CVE-2018-12590HigJun 20, 2018
    risk 0.47cvss 7.2epss 0.02

    Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker…

  • CVE-2019-5445MedJul 10, 2019
    risk 0.32cvss 4.9epss 0.01

    DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.

  • CVE-2019-5426MedApr 10, 2019
    risk 0.31cvss 4.8epss 0.01

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic…