CVE-2020-25036
HIGHUCOPIA Wi-Fi Appliance < 6.0.5 - Authenticated OS Command Injection via Less Command
Title source: llmDescription
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
References (2)
Core 2
Core References
Product x_refsource_misc
https://ucopia.com/en/solutions/product-line-wifi/
Third Party Advisory x_refsource_misc
https://blog.globadis.com/blog/ucopia-v6-multiple-cves-root/
Scores
CVSS v3
8.8
EPSS
0.0204
EPSS Percentile
78.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
ucopia/ucopia_wireless_appliance
< 6.0.5
Published
Feb 02, 2021
Tracked Since
Feb 18, 2026