CVE-2021-22909
HIGHEdgeMAX EdgeRouter Firmware < 2.0.9 - Improper Certificate Validation
Title source: llmDescription
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4
Scores
CVSS v3
7.5
EPSS
0.0129
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-295
CWE-300
Status
published
Products (1)
ui/edgemax_edgerouter_firmware
< 2.0.9
Published
May 27, 2021
Tracked Since
Feb 18, 2026