Ubiquiti Networks: Privilege escalation in the client impersonation functionality

ID H1:221454
Type hackerone
Reporter twicedi
Modified 2017-11-13T10:41:48


In UCRM 2.3.0-beta4 and prior, as a consequence of a lack of validation in the Client Impersonation functionality, an attacker with access to a Read-Only account can escalate privileges to Admin. The vulnerability was fixed in UCRM 2.3.0.