CVE-2018-12590

HIGH Year: 2018
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-134
View all →

Vulnerability Description

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.

Related Vulnerabilities

CVE-2023-35086

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function...

CWE-1342023

CVE-2023-39238

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with...

CWE-1342023

CVE-2023-39239

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote...

CWE-1342023

CVE-2023-39240

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi mo...

CWE-1342023

CVE-2023-45583

HIGH
CVSS:7.2(High)

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM version...

CWE-1342023

CVE-2024-12805

HIGH
CVSS:7.2(High)

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

CWE-1342024