GCVE - cpe:2.3:o:indionetworks:unibox_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:indionetworks:unibox_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Indionetworks (`983f2484-d69d-5b9a-a07d-e9cf37d14eb2`)
Product	Unibox Firmware (`e7dfda4f-31f0-56bd-a09c-a754882316f4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-3497`	vulnerable	2026-06-08 05:13:55.026433	Details available An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Published: 2019-03-18T17:40:31.000Z Updated: 2024-08-04T19:12:09.537Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html http://seclists.org/fulldisclosure/2019/Jan/23 https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3496`	vulnerable	2026-06-08 05:13:55.025703	Details available An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Published: 2019-03-18T17:35:55.000Z Updated: 2024-08-04T19:12:09.600Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html http://seclists.org/fulldisclosure/2019/Jan/23 https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3495`	vulnerable	2026-06-08 05:13:55.024528	Details available An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Published: 2019-03-18T17:14:33.000Z Updated: 2024-08-04T19:12:09.477Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html http://seclists.org/fulldisclosure/2019/Jan/23 https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.