An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jan/23 | Exploit Mailing List Third Party Advisory |
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-03-21 16:01
Updated : 2024-02-28 17:08
NVD link : CVE-2019-3495
Mitre link : CVE-2019-3495
CVE.ORG link : CVE-2019-3495
JSON object : View
Products Affected
indionetworks
- unibox_firmware
- unibox