CVE DATABASE / CVE-2021-22909

CVE-2021-22909

CVSS 7.5 · HIGH

Summary

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later.

CVSS 3.1 breakdown

Base score	7.5 (HIGH)
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-300
CWE-295

Affected products

Ui edgemax edgerouter firmwareUi edgemax edgerouter

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

https://community.ui.com/releases/Security-Advisory-Bulletin-018-018/cfa1566b-4bf8-427b-8cc7-8cffba3a93a4

Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.