CVE-2019-16889
Published 2019-09-25
Priority: P337, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 5.09% (91.3th percentile)
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | ep-r6_firmware | < 2.0.3 | 2.0.3 |
| ui | ep-r8_firmware | < 2.0.3 | 2.0.3 |
| ui | er-12_firmware | < 2.0.3 | 2.0.3 |
| ui | er-4_firmware | < 2.0.3 | 2.0.3 |
| ui | er-6p_firmware | < 2.0.3 | 2.0.3 |
| ui | er-8-xg_firmware | < 2.0.3 | 2.0.3 |
| ui | er-8_firmware | < 2.0.3 | 2.0.3 |
| ui | er-x-sfp_firmware | < 2.0.3 | 2.0.3 |
| ui | er-x_firmware | < 2.0.3 | 2.0.3 |
| ui | erlite-3_firmware | < 2.0.3 | 2.0.3 |
| ui | erpoe-5_firmware | < 2.0.3 | 2.0.3 |
| ui | erpro-8_firmware | < 2.0.3 | 2.0.3 |
CVSS provenance
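| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |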
No detection rules found.
No public exploits indexed.
References
https://community.ui.com/releases/New-EdgeRouter-firmware-2-0-3-has-been-released-2-0-3/e8badd28-a112-4269-9fb6-ffe3fc0e1643
https://hackerone.com/reports/406614
https://mjlanders.com/2019/07/28/resource-consumption-dos-on-edgemax-v1-10-6/