CVE-2010-5330
Published 2019-06-11
Priority P187 · critical 9.8 · CVSS 3.1
CISA Known Exploited Vulnerability (remediation due 2022-05-06) · Exploited in the wild
EPSS: 34.40% (98.2th percentile)
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | airos | < 4.0.1 | 4.0.1 |
| ui | airos | >= 4.0.2 < 5.3.5 | 5.3.5 |
| ui | airos | >= 5.3.6 < 5.4.5 | 5.4.5 |
Detection & IOCs (extracted from sources)
- Monitor for GET requests to stainfo.cgi containing shell metacharacters in the 'ifname' parameter, which indicates exploitation of this command injection vulnerability.
- Target devices include Ubiquiti AirOS-based products such as Nanostation5; focus detection on HTTP GET traffic to the stainfo.cgi endpoint on these devices.
- Fixed versions differ by product line: v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. Ensure the correct fixed version is applied per product.
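As an added defender-side example (not code from the advisory or from any of the sources quoted on this page), the following Python scans web-server access log lines for the pattern described above: GET requests to stainfo.cgi whose ifname value carries shell metacharacters. It assumes a combined-log-format source, a constructed set of sample lines, and an assumed metacharacter set and interface-name pattern; none of those come from the advisory.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Metacharacters a real interface name (ath0, eth0, br0) never contains.
SHELL_METACHARS = re.compile(r"[;|&`$()<>\n\r'\"]")
VALID_IFNAME = re.compile(r"^[A-Za-z0-9._-]{1,15}$")
# Combined-log-format request line (assumed log source, not from the advisory).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def query_params(query):
    """Split on '&' only: older parse_qs also split on ';', which would
    hide a ';' injected into the ifname value."""
    params = {}
    for pair in query.split("&"):
        if pair:
            key, _, val = pair.partition("=")
            params.setdefault(unquote_plus(key), []).append(unquote_plus(val))
    return params

def classify_request(line):
    """Return a finding for a stainfo.cgi request whose ifname carries shell
    metacharacters (the CVE-2010-5330 pattern), else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1].lower() != "stainfo.cgi":
        return None
    for value in query_params(parts.query).get("ifname", []):
        value = unquote_plus(value)  # second decode catches double-encoding
        if SHELL_METACHARS.search(value) or not VALID_IFNAME.match(value):
            return {"src": m.group("src"), "ts": m.group("ts"),
                    "ifname": value, "status": m.group("status")}
    return None

def scan_log(lines):
    """Run classify_request over an iterable of log lines."""
    return [f for f in map(classify_request, lines) if f]

# Constructed sample lines: one benign request, one on another endpoint,
# and two with (double-)encoded metacharacters in ifname.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Jun/2019:10:00:01 +0000] "GET /stainfo.cgi?ifname=ath0 HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Jun/2019:10:00:02 +0000] "GET /stainfo.cgi?ifname=ath0%3Bx HTTP/1.1" 200 740',
    '203.0.113.9 - - [11/Jun/2019:10:00:03 +0000] "GET /index.cgi?ifname=ath0%3Bx HTTP/1.1" 200 80',
    '203.0.113.11 - - [11/Jun/2019:10:00:04 +0000] "GET /stainfo.cgi?ifname=ath0%2560x%2560 HTTP/1.1" 200 600',
]
```

Feeding the device or reverse-proxy access log through `scan_log` yields one finding per suspicious request; a 200 status on such a request is worth treating as a likely compromise rather than a failed probe.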
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |
CISA
Ubiquiti AirOS Command Injection Vulnerability
cisa·2022-04-15·CVSS 9.8
CVE-2010-5330 [CRITICAL] CWE-77 Ubiquiti AirOS Command Injection Vulnerability
Vulnerability: Ubiquiti AirOS Command Injection Vulnerability
Affected: Ubiquiti AirOS
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-5330
Remediation Due Date: 2022-05-06
GHSA
GHSA-c5j2-ggvf-gwvg: On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo
ghsa_unreviewed·2022-04-21
CVE-2010-5330 [CRITICAL] CWE-77 GHSA-c5j2-ggvf-gwvg: On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo
VulnCheck
Ubiquiti AirOS Command Injection Vulnerability
vulncheck·2010·CVSS 9.8
CVE-2010-5330 [CRITICAL] CWE-77 Ubiquiti AirOS Command Injection Vulnerability
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Affected: Ubiquiti AirOS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.akamai.com/blog/security/latest-echobot-26-infection-vectors; https://www.researchgate.net/publication/348602660_An_analysis_of_the_use_of_CVEs_by_IoT_malware; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-enterprise-applications-honeypot-unveiling-findings-from-six-worldwide-locations/
Remediation Due: 2022-05-06
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ubiquiti patches three max severity UniFi OS vulnerabilities
blogs_bleepingcomputer·2026-05-22·CVSS 10.0
CVE-2026-34908 [CRITICAL] Ubiquiti patches three max severity UniFi OS vulnerabilities
Sergiu Gatlan
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.
The first flaw ( CVE-2026-34908 ) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second ( CVE-2026-34909 ) allows them to access files on the underlying system by abusing a Path Traversal vulner
Unit42
Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities
blogs_unit42·2019-12-13
Ruchna Nigam
Published: December 13, 2019
## Executive Summary
Since the discovery of the Mirai variant using the binary name ECHOBOT in May 2019, it has resurfaced from time to time, using new infrastructure, and more remarkably, adding to the list of vulnerabilities it scans for, as a means to increase its attack surface with each evolution.
Unlike other Mirai variants, this particular variant stands out for the sheer number of exploits it incorporates, with the latest version having a total of 71 unique exploits, 13 of which haven’t been seen exploited in the wild until now, ranging from extremely old CVEs from as long back as 2003, to recent vulnerabilities made public as recently as early December 2019. Based on this seemingly odd choice, one could risk a guess that the attackers could potentially be aiming for the sweet sp
References:
- https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974
- https://www.exploit-db.com/exploits/14146
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-5330
Timeline:
- 2019-06-11: Published
- 2022-04-15: Added to CISA KEV
- Exploited in the wild