Hello all,
I would like to inform you about the Remote Command & Code Injection
vulnerabilities found in Wifi-soft's Unibox Controllers.
Name: Remote Code Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Code Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3495
Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3497
Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 3.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3496
I have posted all the technical details, POCs and root-cause analysis here:
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/
Best Regards,
*Sahil Dhar *
Information Security Consultant
+91 9821544985
<http://goog_555023787>
[image:
https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]
<https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>