CVE-2019-5446Command Injection in Edgeswitch Firmware

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.2%
top 21.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
UI Edgeswitch FirmwareUbiquiti Networks Edgemax
Timeline
PublishedJul 10
Latest updateMay 24

Description

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5ubiquiti_networks/edgemax1.8.1

🔴Vulnerability Details

2
GHSA
GHSA-wjp7-mwhc-8ppq: Command Injection in EdgeMAX EdgeSwitch prior to 12022-05-24
CVEList
CVE-2019-5446: Command Injection in EdgeMAX EdgeSwitch prior to 12019-07-10
CVE-2019-5446 — Command Injection | cvebase