Vulnerabilities > Ucopia

DATE CVE VULNERABILITY TITLE RISK
2023-06-29 CVE-2022-44719 Incorrect Permission Assignment for Critical Resource vulnerability in Ucopia Wireless Appliance Firmware
An issue was discovered in Weblib Ucopia before 6.0.13.
network
low complexity
ucopia CWE-732
7.5
2023-06-29 CVE-2022-44720 OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware
An issue was discovered in Weblib Ucopia before 6.0.13.
network
low complexity
ucopia CWE-78
critical
9.8
2021-02-02 CVE-2020-25036 OS Command Injection vulnerability in Ucopia Wireless Appliance 6.0.5
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
network
low complexity
ucopia CWE-78
8.8
2021-02-02 CVE-2020-25035 Unspecified vulnerability in Ucopia Express Wireless Appliance
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.
local
low complexity
ucopia
6.7
2021-02-02 CVE-2020-25037 Unrestricted Upload of File with Dangerous Type vulnerability in Ucopia Wireless Appliance 6.0.5
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
local
low complexity
ucopia CWE-434
8.2
2018-08-21 CVE-2018-15481 OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware 5.1.0/5.1.11/5.1.13
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.
network
low complexity
ucopia CWE-78
8.8
2018-03-22 CVE-2017-17743 Improper Authentication vulnerability in Ucopia Wireless Appliance Firmware 5.0/5.1/5.1.0
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string.
local
low complexity
ucopia CWE-287
6.7
2017-10-03 CVE-2017-11322 OS Command Injection vulnerability in Ucopia Wireless Appliance
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
local
low complexity
ucopia CWE-78
8.2
2017-10-03 CVE-2017-11321 OS Command Injection vulnerability in Ucopia Wireless Appliance 5.1.7
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
network
low complexity
ucopia CWE-78
7.2