RSS   Vulnerabilities for 'Edgeos'   RSS

2019-06-07
 
CVE-2018-5265

CWE-20
 

 
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.

 

 >>> Vendor: UI 18 Products
Edgeswitch x
Unifi video
Aircam firmware
Edgeos
Aircam
Aircam dome
Aircam mini
Airvision firmware
Unifi
Unifi controller
Unifi firmware
UCRM
Edgeswitch
Airvision controller
Mfi controller
Cloud key gen2
Cloud key gen2 plus
Unifi protect


Copyright 2021, cxsecurity.com

 

Back to Top