Vulnerabilities > UI > Edgeos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-07 | CVE-2018-5265 | OS Command Injection vulnerability in UI Edgeos 1.9.1 Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | 7.2 |
| 2018-03-22 | CVE-2017-0935 | Improper Privilege Management vulnerability in UI Edgeos 1.9.1/1.9.1.1 Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. | 8.8 |