CVE-2018-15481
HIGHUCOPIA Wireless Appliance Firmware 5.1.0-5.1.12 - Authenticated OS Command Injection via SSH LocalCommand
Title source: llmDescription
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/
Scores
CVSS v3
8.8
EPSS
0.0132
EPSS Percentile
67.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
ucopia/wireless_appliance_firmware
5.1.0 - 5.1.13
Published
Aug 21, 2018
Tracked Since
Feb 18, 2026