CVE-2019-16889
https://notcve.org/view.php?id=CVE-2019-16889
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. Los dispositivos Ubiquiti EdgeMAX versiones anteriores a 2.0.3, permiten a atacantes remotos causar una denegación de servicio (consumo de disco) porque los archivos *.cache en /var/run/beaker/container_file/ son creados cuando se proporciona una carga útil de longitud válida de 249 caracteres o menos para la cookie beaker.session.id en un encabezado GET. El atacante puede utilizar una larga serie de los ID de sesión únicos. • https://github.com/grampae/CVE-2019-16889-poc https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643 https://hackerone.com/reports/406614 https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2018-5265
https://notcve.org/view.php?id=CVE-2018-5265
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. Ubiquiti EdgeOS versión 1.9.1 en dispositivos EdgeRouter Lite, permite a atacantes remotos ejecutar código arbitrario con credenciales de administrador, porque /opt/vyatta/share/vyatta-cfg/templates/System/static-host-mapping/host-name/node.def no sanea el parámetro 'alias' o 'ips' para metacaracteres shell. • https://www.red4sec.com/cve/edgerouter_lite.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •