hackerone / Phenix / H1:197958
Jan 12, 2017 - 10:20 p.m.

Ubiquiti Inc.: [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users

2017-01-12 22:20:19
phenix
hackerone.com
23

EPSS: 0

Percentile: 13.1%

The researcher found a privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).
OS command injection in the web interface of Ubiquiti Networks EdgeSwitch prior to version 1.7.1 allows a limited-privilege operator to escalate privileges to root by crafting a specific HTTP request to a CGI script while logged in.

