Vulnerabilities > UI > Edgeswitch Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-8233 | OS Command Injection vulnerability in multiple products A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. | 8.8 |
| 2019-07-10 | CVE-2019-5446 | Command Injection vulnerability in UI Edgeswitch Firmware 1.7.3 Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | 7.2 |
| 2018-06-20 | CVE-2018-12590 | Use of Externally-Controlled Format String vulnerability in UI Edgeswitch Firmware 1.7.3 Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. | 7.2 |