CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31998
https://notcve.org/view.php?id=CVE-2023-31998
18 Jul 2023 — A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. • https://community.ui.com/releases/Security-Advisory-Bulletin-033-033/17f7c7c0-830b-4625-a2ee-e90e514e7b0f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2023-2373 – Ubiquiti EdgeRouter X Web Management Interface command injection
https://notcve.org/view.php?id=CVE-2023-2373
28 Apr 2023 — A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 3%CPEs: 6EXPL: 0CVE-2022-43553
https://notcve.org/view.php?id=CVE-2022-43553
05 Dec 2022 — A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. Una vulnerabilidad de ejecución remota de código en EdgeRouters (Versión 2.0.9-hotfix.4 y anteriores) permite que un actor malicioso con una cuenta de operador ejecute comandos de administrador arbitrarios. Esta vulnerabilidad se solucionó en la Versión 2.0.9-hotfix.... • https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22909 – Ubiquiti Networks EdgeOS Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22909
20 May 2021 — A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later. Una vulnerabilidad encontrada en EdgeMAX EdgeRouter versión V2.0.9 y anteriores, podría permitir a un actor malicioso ejecutar un ataque de tipo man-in-the-middle (MitM) durante una actualización de firmware. Esta vulnerabilidad se corrigió en EdgeMAX EdgeRouter ver... • https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8282
https://notcve.org/view.php?id=CVE-2020-8282
14 Dec 2020 — A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. Se encontró un problema de seguridad en EdgePower 24V/54V versiones de firmware v1.7.0 y anteriores donde, debido a una falta de protecciones de CSRF, un atacante habría sido capaz de llevar a cabo una ejecución de código remota no autorizada • https://community.ui.com/releases/Security-advisory-bulletin-016-016/40c1d33d-785e-44d5-8e6c-56a8addef1bc • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0CVE-2020-8234
https://notcve.org/view.php?id=CVE-2020-8234
21 Aug 2020 — A vulnerability exists in The EdgeMax EdgeSwitch firmware
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0938
https://notcve.org/view.php?id=CVE-2017-0938
12 Feb 2019 — Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. Ataque de denegación de servicio (DoS) en airMAX, en versiones anteriores a la 8.3.2 y la 6.0.7; y EdgeMAX, en versiones anteriores a la 1.9.7, permite que los atacantes empleen el protocolo de descubrimiento en ataques de amplificación. • https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •