Ubiquiti Inc.: Privilege-0 to Root Privilege Escalation on EdgeSwitch
In EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root...
Ubiquiti Inc.: EdgeSwitch Command Injection
In EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed under the root user...
CVE-2015-9266
CVE-2015-9266 affects Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (TOUGHSwitch). The web management interface allows an unauthenticated attacker to upload/write arbitrary files via directory traversal, potentially gaining root privileges. Affected products/versions were fixed in July ...
CVE-2015-9266
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This...
Directory traversal
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This...
Ubiquiti Networks EdgeSwitch Code Execution Vulnerability
The Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier versions, which stems from the program's lack of protection for the admin CLI. The vulnerability can be exploited by an attacker to...
Format string
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...
CVE-2018-12591
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...
CVE-2018-12590
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...
CVE-2018-12591
The CVE-2018-12591 entry concerns Ubiquiti Networks EdgeSwitch, affected in 1.7.3 and earlier. The root cause is an improperly neutralized element in an OS command due to insufficient protection on the admin CLI, enabling code execution and privilege escalation beyond administrator rights. An att...
CVE-2018-12590
Affected product / version: Ubiquiti Networks EdgeSwitch 1.7.3 and earlier. Vulnerability: externally controlled format-string in the admin CLI due to lack of protection, enabling code execution and privilege escalation beyond what admins can do. Impact: attacker with access to an admin account c...
Ubiquiti Inc.: Code Execution in restricted CLI of EdgeSwitch
In EdgeSwitch 1.7.3 and prior, a user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. A command injection vulnerability existed in the restricted CLI of the EdgeSwitch. Exploiting this vulnerabilit...
Ubiquiti Inc.: Format String Vulnerability in the EdgeSwitch restricted CLI
In EdgeSwitch 1.7.3 and prior, a user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. There was a format string vulnerability present in the Admin CLI for the EdgeSwitch. Exploiting this...
Ubiquiti Inc.: [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users
The researcher found a privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). OS command injection i...