QwikSec

Security Database

CVE

CWE

Training

CVE-2017-0932

Published: Mar 22, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.

Vendor	Product	Versions
Ubiquiti Networks	EdgeRouter X	affected `EdgeOS v1.9.1.1 and prior`

Weaknesses (CWE)

References

https://hackerone.com/reports/239719

x_refsource_MISC

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.