彙總 ucopia 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 命令注入 等安全問題,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-44720 | An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot. | [email protected] | 9.8 | 0.63% | 2023-06-29 | 2024-11-21 |
| CVE-2022-44719 | An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. | [email protected] | 7.5 | 0.05% | 2023-06-29 | 2024-11-21 |
| CVE-2020-25036 | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | [email protected] | 8.8 | 1.81% | 2021-02-02 | 2024-11-21 |
| CVE-2020-25035 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. | [email protected] | 6.7 | 0.06% | 2021-02-02 | 2024-11-21 |
| CVE-2020-25037 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | [email protected] | 8.2 | 0.08% | 2021-02-02 | 2024-11-21 |
| CVE-2018-15481 | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | [email protected] | 8.8 | 0.72% | 2018-08-21 | 2024-11-21 |
| CVE-2017-17743 | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. | [email protected] | 6.7 | 0.36% | 2018-03-22 | 2024-11-21 |
| CVE-2017-11322 | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | [email protected] | 8.2 | 1.33% | 2017-10-03 | 2026-05-13 |
| CVE-2017-11321 | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | [email protected] | 7.2 | 10.48% | 2017-10-03 | 2026-05-13 |