Arbitrary Code Execution Vulnerability in Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite Devices

Arbitrary Code Execution Vulnerability in Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite Devices

CVE-2018-5265 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.

Learn more about our Web Application Penetration Testing UK.