Date: Sun, 6 Jan 2019 11:40:42 +0530
From: Sahil Dhar <sahildhar93@...il.com>
To: vuldb@...urityfocus.com, listadmin@...urityfocus.com, 
 fulldisclosure@...lists.org
Subject: [FD] Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x

Hello all,

I would like to inform you about the Remote Command & Code Injection
vulnerabilities found in Wifi-soft's Unibox Controllers.

Name: Remote Code Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Code Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3495


Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3497

Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 3.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3496

I have posted all the technical details, POCs and root-cause analysis here:
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/


Best Regards,

Sahil Dhar
Information Security Consultant
+91 9821544985


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
