CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.8%
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.
Vendor | Product | Version | CPE |
---|---|---|---|
ribboncommunications | edgemarc_4550 | - | cpe:2.3:h:ribboncommunications:edgemarc_4550:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4552 | - | cpe:2.3:h:ribboncommunications:edgemarc_4552:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4601 | - | cpe:2.3:h:ribboncommunications:edgemarc_4601:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4700 | - | cpe:2.3:h:ribboncommunications:edgemarc_4700:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4750 | - | cpe:2.3:h:ribboncommunications:edgemarc_4750:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4800 | - | cpe:2.3:h:ribboncommunications:edgemarc_4800:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4806 | - | cpe:2.3:h:ribboncommunications:edgemarc_4806:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_4808 | - | cpe:2.3:h:ribboncommunications:edgemarc_4808:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_7301 | - | cpe:2.3:h:ribboncommunications:edgemarc_7301:-:*:*:*:*:*:*:* |
ribboncommunications | edgemarc_7400 | - | cpe:2.3:h:ribboncommunications:edgemarc_7400:-:*:*:*:*:*:*:* |
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.8%