CVE-2019-3496

Name of the Vulnerable Software and Affected Versions Wifi-soft UniBox controller versions 3.x

Description A Remote Command Execution issue was discovered in the Diagnostic Tools Controller, allowing an attacker to execute arbitrary system commands on the server with root user privileges. The authentication for accessing this component can be bypassed by using hard-coded credentials.

Recommendations For Wifi-soft UniBox controller versions 3.x, as a temporary workaround, consider disabling the Diagnostic Tools Controller until a patch is available. Restrict access to the Diagnostic Tools Controller to minimize the risk of exploitation. Avoid using hard-coded credentials in the Diagnostic Tools Controller until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.