CVE-2019-5426

CVE-2019-5426

Vendor Ubiquiti Networks
Product EdgeMAX
Weakness CWE-287 · Improper authentication
Published April 10, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Key dates

02Disclosure timeline

April 10, 2019 CVE published
August 4, 2024 Record updated