cbcvebase.
CVE-2010-5330
published 2019-06-11

CVE-2010-5330: On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as…

PriorityP187critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-06
Exploited in the wild
EPSS
34.40%
98.2th percentile
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

Affected

3 ranges
VendorProductVersion rangeFixed in
uiairos< 4.0.14.0.1
uiairos>= 4.0.2 < 5.3.55.3.5
uiairos>= 5.3.6 < 5.4.55.4.5

Detection & IOCsextracted from sources · hover to see the quote

urlstainfo.cgi
  • Monitor for GET requests to stainfo.cgi containing shell metacharacters in the 'ifname' parameter, which indicates exploitation of this command injection vulnerability.
  • Target devices include Ubiquiti AirOS-based products such as Nanostation5; focus detection on HTTP GET traffic to the stainfo.cgi endpoint on these devices.
  • ·Fixed versions differ by product line: v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. Ensure the correct fixed version is applied per product.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.