QwikSec

Security Database

CVE

CWE

Training

CVE-2017-0933

Published: Mar 22, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system.

Vendor	Product	Versions
Ubiquiti Networks	EdgeRouter X	affected `EdgeOS v1.9.1 and prior`

Weaknesses (CWE)

References

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524

x_refsource_CONFIRM

https://hackerone.com/reports/240098

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.