PT-2019-16602 · Wifi Soft · Wifi-Soft Unibox Controller
Sahil Dhar · Published 2019-03-18 · Updated 2021-09-13 · CVE-2019-3497
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Wifi-soft UniBox controller versions 0.x through 2.x
Description
An issue in the Diagnostic Tools component of the Wifi-soft UniBox controller allows Remote Command Execution. The tools/ping Ping feature is vulnerable, enabling an attacker to execute arbitrary system commands on the server with root user privileges. The authentication for accessing this component can be bypassed by using hard-coded credentials.
Recommendations
For Wifi-soft UniBox controller versions 0.x through 2.x, consider disabling the tools/ping Ping feature in the Diagnostic Tools component until a patch is available, to prevent Remote Command Execution. Restrict access to the Diagnostic Tools component to minimize the risk of exploitation. Avoid using hard-coded credentials for authentication.
Exploit
Fix
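As an added hardening and detection example (not Wifi-soft's code and not the vendor's fix): a ping handler that allowlists the target and runs ping without a shell, plus a check over constructed access-log lines for requests to the ping feature whose target fails the same allowlist. The /tools/ping request path and the 'host' parameter name are assumptions.

```python
import ipaddress
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Added example, not Wifi-soft code; the /tools/ping path and the 'host' query
# parameter below are assumptions used only for illustration.
# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def validate_ping_target(target: str) -> bool:
    """Allowlist check: accept an IP literal or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return bool(_HOSTNAME_RE.match(target))

def build_ping_argv(target: str) -> list:
    """Argument vector for ping; the target is never interpolated into a shell string."""
    if not validate_ping_target(target):
        raise ValueError("ping target rejected")
    return ["ping", "-c", "4", target]  # a valid target cannot start with '-'

def run_ping(target: str) -> str:
    """Run ping with shell=False and a timeout; run the service as an unprivileged user."""
    proc = subprocess.run(build_ping_argv(target), capture_output=True, text=True, timeout=30)
    return proc.stdout

# Constructed access-log lines (combined format) for the detection check below.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Mar/2019:10:01:02 +0000] "GET /tools/ping?host=192.0.2.10 HTTP/1.1" 200 512',
    '10.0.0.5 - - [18/Mar/2019:10:01:09 +0000] "GET /tools/ping?host=192.0.2.10%3Bid HTTP/1.1" 200 640',
    '10.0.0.7 - - [18/Mar/2019:10:02:00 +0000] "GET /status HTTP/1.1" 200 100',
]

def suspicious_ping_requests(log_lines):
    """Return log lines whose ping target would fail the allowlist check above."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or url.path != "/tools/ping":
            continue
        values = parse_qs(url.query).get("host", [])  # parse_qs percent-decodes
        if any(not validate_ping_target(v) for v in values):
            hits.append(line)
    return hits
```

Restricting the feature's process to a non-root account, as the recommendations above imply, limits the impact even if validation is later loosened.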
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Wifi-Soft Unibox Controller