Arbitrary File Upload and Authentication Bypass Vulnerability in Wifi-soft UniBox Controller

Arbitrary File Upload and Authentication Bypass Vulnerability in Wifi-soft UniBox Controller

CVE-2019-3495 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.

Learn more about our Cis Benchmark Audit For Server Software.