Ubiquitinetworks
Products
2- 7 CVEs
- 2 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12591 | Hig | 0.47 | 7.2 | 0.02 | Jun 20, 2018 | Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with… | ||
| CVE-2018-12590 | Hig | 0.47 | 7.2 | 0.02 | Jun 20, 2018 | Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker… | ||
| CVE-2020-8233 | 0.01 | — | 0.04 | Aug 17, 2020 | A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | |||
| CVE-2020-8157 | 0.00 | — | 0.00 | May 2, 2020 | UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | |||
| CVE-2020-8148 | 0.00 | — | 0.01 | Apr 13, 2020 | UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus. | |||
| CVE-2020-8126 | 0.00 | — | 0.01 | Feb 7, 2020 | A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). | |||
| CVE-2019-5426 | 0.00 | — | 0.01 | Apr 10, 2019 | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic… | |||
| CVE-2019-5425 | 0.00 | — | 0.02 | Apr 10, 2019 | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root. | |||
| CVE-2019-5424 | 0.00 | — | 0.02 | Apr 10, 2019 | In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user. |
- risk 0.47cvss 7.2epss 0.02
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with…
- risk 0.47cvss 7.2epss 0.02
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker…
- CVE-2020-8233Aug 17, 2020risk 0.01cvss —epss 0.04
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
- CVE-2020-8157May 2, 2020risk 0.00cvss —epss 0.00
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
- CVE-2020-8148Apr 13, 2020risk 0.00cvss —epss 0.01
UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.
- CVE-2020-8126Feb 7, 2020risk 0.00cvss —epss 0.01
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).
- CVE-2019-5426Apr 10, 2019risk 0.00cvss —epss 0.01
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic…
- CVE-2019-5425Apr 10, 2019risk 0.00cvss —epss 0.02
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.
- CVE-2019-5424Apr 10, 2019risk 0.00cvss —epss 0.02
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.