Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HUi Edgeos
OSUi≤ 1.9.1.1
Related vulnerabilities
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin ...
Command Injection w UniFi OS via nieprawidłowa walidacja wejścia
Path Traversal w UniFi OS — dostęp do plików systemowych i przejęcie konta
Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) beca...