Описание
A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.9 (исключая)
Одновременно
Одно из
cpe:2.3:o:ui:edgemax_edgerouter_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:-:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix1:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix2:*:*:*:*:*:*
cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix4:*:*:*:*:*:*
cpe:2.3:h:ui:edgemax_edgerouter:-:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0845
Низкий
8.8 High
CVSS3
Дефекты
CWE-250
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands.This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
EPSS
Процентиль: 92%
0.0845
Низкий
8.8 High
CVSS3
Дефекты
CWE-250
NVD-CWE-noinfo