CVE-2019-15051 - uaGate yet another authenticated remote code execution

A CGI script of the uaGate SI handles its parameters in an unsafe fashion. Maliciously crafted URL parameters can transfer an arbitrary command payload that is executed with the rights of the webserver.



CVE-2019-11526 - uaGate sudo privilege escalation

The uaGate's firmware update script, which is called by the webserver user with sudo, handles its parameters in an unsafe fashion. As a result, a second firmware file can be supplied to the script along with a legitimate firmware image.



CVE-2019-11527 - uaGate authenticated remote code execution

A CGI script of the uaGate SI handles its parameters in an unsafe fashion. Maliciously crafted URL parameters can transfer an arbitrary command payload that is executed with the rights of the webserver.



CVE-2019-11528 - insecure default permissions in uaGate SI

The system path /usr/local/bin has file mode 2777 (drwxrwsrwx).