97 matches found
CVE-2020-8232
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages...
Information disclosure
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages...
Command injection
A command injection vulnerability exists in EdgeSwitch firmware v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges...
CVE-2020-8233
CVE-2020-8233 is a command-injection vulnerability in Ubiquiti EdgeSwitch firmware prior to v1.9.0. An authenticated read-only user could execute arbitrary shell commands via the HTTP interface, enabling privilege escalation. The vulnerability affects EdgeSwitch firmware
CVE-2020-8233
A command injection vulnerability exists in EdgeSwitch firmware v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges...
EUVD-2020-29105
A command injection vulnerability exists in EdgeSwitch firmware v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges...
CVE-2020-8232
CVE-2020-8232 affects Ubiquiti EdgeMax EdgeSwitch firmware v1.9.0 (EdgeSwitch ESWH/ESGH). An information disclosure vulnerability allows read-only SNMP users to obtain unauthorized information via SNMP community pages. Exploitation details are not described in the primary documents, but multiple ...
CVE-2020-8232
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages...
Ubiquiti Inc.: SNMP Community String Disclosure to ReadOnly Users on EdgeSwitch
Read only users could execute unauthorized tasks and through SNMP community string pages. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the EdgeMax EdgeSwitch firmware v1.9.1 For mor...
Ubiquiti Inc.: Readonly to Root Privilege Escalation on EdgeSwitch
An authenticated read-only user can execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for these vulnerabilities were included in the...
CVE-2020-8126
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
CVE-2020-8126
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
Privilege escalation
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
CVE-2020-8126
A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...
CVE-2020-8126
The CVE-2020-8126 case affects Ubiquiti EdgeSwitch before version 1.7.1, where a CGI script does not fully sanitize user input, enabling local command execution. An operator-privilege user (Privilege-1) can escalate to administrator (Privilege-15). The issue is triggered via crafted input in the ...
Ubiquiti Inc.: Web Server Predictable Session ID on EdgeSwitch
In EdgeSwitch legacy web interface the SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. These vulnerabilities were found on EdgeSwitch 1G switch ESWH and EdgeSwitch 10G switch ESGH firmware v1.9.0. The fix for the...
EdgeMAX EdgeSwitch Command Injection Vulnerability
Ubiquiti Networks EdgeMAX EdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks, Inc. A command injection vulnerability exists in Ubiquiti Networks EdgeMAX EdgeSwitch versions prior to 1.8.2. The vulnerability stems from a network system or product not properly filtering specific elements of...
EdgeMAX EdgeSwitch Denial of Service Vulnerability
Ubiquiti Networks EdgeMAX EdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti Networks EdgeMAX EdgeSwitch versions prior to 1.8.2. The vulnerability can be exploited by an attacker with specially crafted commands to cause the SSH CLI...
CVE-2019-5446
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root...
CVE-2019-5445
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands...