The researcher found a privilege escalation in the EdgeSwitch prior to version
1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (
Privilege-1) to escalate privileges and became administrator (
OS command injection in the Web interface in Ubiquiti Networks EdgeSwitch prior to version
1.7.1 allows a limited privileges operator to escalate his privileges to root via crafting a specific HTTP request to a CGI script while logged in.