Ucopia
Products
5- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 0 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-44720 | Cri | 0.64 | 9.8 | 0.03 | Jun 29, 2023 | An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot. | ||
| CVE-2020-25036 | Hig | 0.57 | 8.8 | 0.02 | Feb 2, 2021 | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | ||
| CVE-2018-15481 | Hig | 0.57 | 8.8 | 0.01 | Aug 21, 2018 | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH… | ||
| CVE-2017-11322 | Hig | 0.57 | 8.2 | 0.05 | Oct 3, 2017 | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | ||
| CVE-2020-25037 | Hig | 0.53 | 8.2 | 0.01 | Feb 2, 2021 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | ||
| CVE-2017-11321 | Hig | 0.50 | 7.2 | 0.08 | Oct 3, 2017 | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | ||
| CVE-2022-44719 | Hig | 0.49 | 7.5 | 0.01 | Jun 29, 2023 | An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. | ||
| CVE-2020-25035 | Med | 0.44 | 6.7 | 0.01 | Feb 2, 2021 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. | ||
| CVE-2017-17743 | Med | 0.44 | 6.7 | 0.01 | Mar 22, 2018 | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc… |
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot.
- risk 0.57cvss 8.8epss 0.02
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
- risk 0.57cvss 8.8epss 0.01
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH…
- risk 0.57cvss 8.2epss 0.05
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
- risk 0.53cvss 8.2epss 0.01
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
- risk 0.50cvss 7.2epss 0.08
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions.
- risk 0.44cvss 6.7epss 0.01
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.
- risk 0.44cvss 6.7epss 0.01
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc…