Lucene search
K

97 matches found

Hacker One
Hacker One
added 2019/03/16 4:30 p.m.28 views

Ubiquiti Inc.: Privilege-0 to Root Privilege Escalation on EdgeSwitch

In EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root...

9CVSS4.2AI score0.01942EPSS
Exploits0
Hacker One
Hacker One
added 2019/03/12 9:14 a.m.18 views

Ubiquiti Inc.: EdgeSwitch Command Injection

In EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user...

9CVSS4.4AI score0.0194EPSS
Exploits0
CVE
CVE
added 2018/09/05 9:0 p.m.91 views

CVE-2015-9266

CVE-2015-9266 affects Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (TOUGHSwitch). The web management interface allows an unauthenticated attacker to upload/write arbitrary files via directory traversal, potentially gaining root privileges. Affected products/versions were fixed in July ...

10CVSS9.7AI score0.73999EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2018/09/05 8:29 p.m.23 views

CVE-2015-9266

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP formerly TOUGHSwitch allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This...

10CVSS9.7AI score0.73999EPSS
Exploits1References7
Prion
Prion
added 2018/09/05 8:29 p.m.25 views

Directory traversal

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP formerly TOUGHSwitch allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This...

10CVSS7.5AI score0.73999EPSS
Exploits1References7Affected Software12
CNVD
CNVD
added 2018/06/21 12:0 a.m.3 views

Ubiquiti Networks EdgeSwitch Code Execution Vulnerability

The Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier versions, which stems from the program's lack of protection for the admin CLI. The vulnerability can be exploited by an attacker to...

9CVSS7.2AI score0.0167EPSS
Exploits0References1
Prion
Prion
added 2018/06/20 12:29 p.m.16 views

Format string

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9CVSS7.5AI score0.0167EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/20 12:29 p.m.17 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

9CVSS7.7AI score0.01861EPSS
Exploits0References1
NVD
NVD
added 2018/06/20 12:29 p.m.14 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

9CVSS7.6AI score0.0167EPSS
Exploits0References1
OSV
OSV
added 2018/06/20 12:29 p.m.2 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

7.2CVSS6.3AI score0.01861EPSS
Exploits0References1
CVE
CVE
added 2018/06/20 12:0 p.m.54 views

CVE-2018-12591

The CVE-2018-12591 entry concerns Ubiquiti Networks EdgeSwitch, affected in 1.7.3 and earlier. The root cause is an improperly neutralized element in an OS command due to insufficient protection on the admin CLI, enabling code execution and privilege escalation beyond administrator rights. An att...

9CVSS7.6AI score0.01861EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/20 12:0 p.m.22 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

7.7AI score0.01861EPSS
Exploits0References1
CVE
CVE
added 2018/06/20 12:0 p.m.47 views

CVE-2018-12590

Affected product / version: Ubiquiti Networks EdgeSwitch 1.7.3 and earlier. Vulnerability: externally controlled format-string in the admin CLI due to lack of protection, enabling code execution and privilege escalation beyond what admins can do. Impact: attacker with access to an admin account c...

9CVSS7.6AI score0.0167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/20 12:0 p.m.16 views

CVE-2018-12590

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an...

7.6AI score0.0167EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/02/07 4:53 p.m.29 views

Ubiquiti Inc.: Code Execution in restricted CLI of EdgeSwitch

In EdgeSwitch 1.7.3 and prior, an user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. A command injection vulnerability existed in the restricted CLI of the EdgeSwitch. Exploiting this vulnerabilit...

4.4AI score
Exploits0
Hacker One
Hacker One
added 2018/02/03 7:58 a.m.15 views

Ubiquiti Inc.: Format String Vulnerability in the EdgeSwitch restricted CLI

In EdgeSwitch 1.7.3 and prior, an user with admin credentials can make use of specially crafted commands to execute arbitrary shell instructions, bypassing the SSH/TELNET CLI interface. There was a format string vulnerability present in the Admin CLI for the EdgeSwitch. Exploiting this...

3.6AI score
Exploits0
Hacker One
Hacker One
added 2017/01/12 10:20 p.m.40 views

Ubiquiti Inc.: [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users

The researcher found a privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15. OS command injection i...

7.2CVSS1.5AI score0.00517EPSS
Exploits0
Rows per page
Query Builder