GCVE - cpe:2.3:o:ubnt:edgeos:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:ubnt:edgeos:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Ubnt (`1fd10992-f404-5e8c-bb02-e5bf720dee43`)
Product	Edgeos (`808b2fbd-e160-55bf-9fff-fe4335642dea`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-0934`	vulnerable	2026-06-03 14:36:19.732733	Details available Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. Published: 2018-03-22T14:00:00.000Z Updated: 2024-09-17T04:23:56.390Z Open on db.gcve.eu Reference links https://hackerone.com/reports/241044 https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-0933`	vulnerable	2026-06-03 14:36:19.732415	Details available Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system. Published: 2018-03-22T14:00:00.000Z Updated: 2024-09-16T19:41:56.531Z Open on db.gcve.eu Reference links https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524 https://hackerone.com/reports/240098	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-0932`	vulnerable	2026-06-03 14:36:19.731994	Details available Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system. Published: 2018-03-22T14:00:00.000Z Updated: 2024-09-17T02:27:44.980Z Open on db.gcve.eu Reference links https://hackerone.com/reports/239719 https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.