38 matches found
CVE-2017-0932
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator read-only account and ssh connection to the devices could escalate privileg...
CVE-2017-0933
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator read-only account could lure an admin root user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system...
CVE-2017-0935
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
Privilege escalation
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
CVE-2017-0935
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
CVE-2017-0932
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator read-only account and ssh connection to the devices could escalate privileg...
CVE-2017-0934
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admin...
CVE-2017-0932
CVE-2017-0932 affects Ubiquiti Networks EdgeOS 1.9.1.1 and earlier (EdgeRouter X among affected devices). The root cause is improper input validation in the Feature functionality, enabling an attacker with an operator (read-only) account and SSH access to escalate to admin/root. Public sources de...
CVE-2017-0933
CVE-2017-0933 affects Ubiquiti Networks EdgeOS 1.9.1 and earlier. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered by an attacker who gains access to an operator (read-only) account and lures an admin (root) user to visit an attacker-controlled page, enabling the atta...
CVE-2017-0935
EdgeOS (Ubiquiti EdgeRouter) versions 1.9.1.1 and earlier are affected by an Improper Privilege Management flaw caused by inadequate file-system protections, enabling an operator (read-only) account to escalate to admin/root. The CVSS metrics indicate high impact with attacker being network-origi...
CVE-2017-0932
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator read-only account and ssh connection to the devices could escalate privileg...
CVE-2017-0933
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator read-only account could lure an admin root user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system...
CVE-2017-0934
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admin...
CVE-2017-0934
Affected software: Ubiquiti Networks EdgeOS (EdgeRouter) versions 1.9.1 and prior. Root cause: improper privilege management due to inadequate file-system protections, allowing exposure of sensitive information. Impact: an attacker with operator (read-only) access could escalate to admin/root pri...
CVE-2017-0935
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
Ubiquiti Inc.: Privilege Escalation with Session Hijacking Having a Non-privileged Valid User
EdgeOS version 1.9.1.1 and prior, consequence of lack of protection of the file-system, exposing sensitive information, an attacker with access to an operator read-only account, can escalate privileges to admin root access in the system...
Ubiquiti Inc.: CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:" whitelist protection
EdgeOS version 1.9.1 and prior, the researcher was able to bypass the CSRF protection. An attacker with access to an operator read-only account, can lure an admin root user to access the attacker-controlled page, doing so will allow the attacker to gain admin privileges in the system...
Ubiquiti Inc.: Privilege Escalation using API->Feature
EdgeOS version 1.9.1.1 and prior, consequence of the lack of validation on the input of the Feature functionality, an attacker with access to an operator read-only account and ssh connection to the devices, can escalate privileges to admin root access in the system. The EdgeRouter X firmware...