CVE-2020-8282

A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
uiedgemax_edgepower_24v_firmware
𝑥
≤ 1.7.0
uiedgemax_edgepower_54v_firmware
𝑥
≤ 1.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.ui.com/releases/Security-advisory-bulletin-016-016/40c1d33d-785e-44d5-8e6c-56a8addef1bc
https://community.ui.com/releases/Security-advisory-bulletin-016-016/40c1d33d-785e-44d5-8e6c-56a8addef1bc