Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
References
Link | Resource |
---|---|
https://www.red4sec.com/cve/edgerouter_lite.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-07T14:59:43
Updated: 2019-06-07T14:59:43
Reserved: 2018-01-07T00:00:00
Link: CVE-2018-5265
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-07T15:29:00.683
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-5265
JSON object: View
Redhat Information
No data.
CWE