VYPR
Vendor

Ubiquitinetworks

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2018-12591HigJun 20, 2018
    risk 0.47cvss 7.2epss 0.02

    Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with…

  • CVE-2018-12590HigJun 20, 2018
    risk 0.47cvss 7.2epss 0.02

    Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker…

  • CVE-2020-8233Aug 17, 2020
    risk 0.01cvss epss 0.04

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

  • CVE-2020-8157May 2, 2020
    risk 0.00cvss epss 0.00

    UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).

  • CVE-2020-8148Apr 13, 2020
    risk 0.00cvss epss 0.01

    UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus.

  • CVE-2020-8126Feb 7, 2020
    risk 0.00cvss epss 0.01

    A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15).

  • CVE-2019-5426Apr 10, 2019
    risk 0.00cvss epss 0.01

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic…

  • CVE-2019-5425Apr 10, 2019
    risk 0.00cvss epss 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

  • CVE-2019-5424Apr 10, 2019
    risk 0.00cvss epss 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.