QwikSec

Security Database

CVE

CWE

Training

CVE-2017-0934

Published: Mar 22, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

Vendor	Product	Versions
Ubiquiti Networks	EdgeRouter X	affected `EdgeOS v1.9.1 and prior`

Weaknesses (CWE)

References

https://hackerone.com/reports/241044

x_refsource_MISC

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.