HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2017-0935

CVSS 8.8v3.1pub. 2018-03-22upd. 2024-11-21

Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Ui Edgeos

    OS
    Ui
    ≤ 1.9.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2018-5265HIGH7.2ten sam produkt

Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin ...

CVE-2026-34910CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Command Injection w UniFi OS via nieprawidłowa walidacja wejścia

CVE-2026-34909CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Path Traversal w UniFi OS — dostęp do plików systemowych i przejęcie konta

CVE-2026-34908CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe

CVE-2010-5330CRITICAL9.8⚠ KEVten sam vendor

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) beca...

CVE-2017-0935 — Ui — Edgeos — HIGH — CVSS 8.8 | CVEbaza.pl