Vulnerabilities > CVE-2019-3495 - Unspecified vulnerability in Indionetworks Unibox Firmware

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
indionetworks
critical

Summary

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.

Vulnerable Configurations

Part Description Count
OS
Indionetworks
1
Hardware
Indionetworks
1