Shodan
Vulnerabilities
Vulnerable Software
Ucopia:  Security Vulnerabilities
CVE-2022-44719
An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-29
CVE-2022-44720
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-06-29
CVE-2020-25035
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-02-02
CVE-2020-25036
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
CVSS Score
8.8
EPSS Score
0.021
Published
2021-02-02
CVE-2020-25037
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
CVSS Score
8.2
EPSS Score
0.001
Published
2021-02-02
CVE-2018-15481
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-08-21
CVE-2017-17743
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
CVSS Score
6.7
EPSS Score
0.005
Published
2018-03-22
CVE-2017-11322
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVSS Score
8.2
EPSS Score
0.006
Published
2017-10-03
CVE-2017-11321
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVSS Score
7.2
EPSS Score
0.074
Published
2017-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved