CVE-2019-5424
HIGHUbiquiti Networks EdgeSwitch X <1.1.0 - Command Injection
Title source: llmDescription
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/508256
Patch, Vendor Advisory x_refsource_confirm
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137
Scores
CVSS v3
8.8
EPSS
0.0194
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
CWE-78
Status
published
Products (1)
ui/edgeswitch_x
< 1.1.0
Published
Apr 10, 2019
Tracked Since
Feb 18, 2026