[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAOXsW2rc44gOwC5X-3k4beQDAf4iZ_vzL+dWPr8GMO0J+Qf+DQ@mail.gmail.com>
Date: Sun, 6 Jan 2019 11:40:42 +0530
From: Sahil Dhar <sahildhar93@...il.com>
To: vuldb@...urityfocus.com, listadmin@...urityfocus.com,
fulldisclosure@...lists.org
Subject: [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x
Hello all,
I would like to inform you about the Remote Command & Code Injection
vulnerabilities found in Wifi-soft's Unibox Controllers.
Name: Remote Code Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Code Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3495
Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3497
Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 3.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3496
I have posted all the technical details, POCs and root-cause analysis here:
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/
Best Regards,
*Sahil Dhar *
Information Security Consultant
+91 9821544985
<http://goog_555023787>
[image:
https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]
<https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists