CVE-2017-0938
published 2019-02-12

CVE-2017-0938: Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allows attackers to use the Discovery Protocol in amplification attacks.

Priority: P2 · 71 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 20.97% (97.2th percentile)

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | airos | < 6.0.7 | 6.0.7 |
| ui | airos | >= 6.0.7 < 8.3.2 | 8.3.2 |
| ui | edgemax_firmware | < 1.9.7 | 1.9.7 |

Detection & IOCs (extracted from sources)

  • Port: UDP/10001
  • Port: UDP/7004
  • Monitor for UDP traffic on ports 10001 and 7004 directed at Ubiquiti devices (airMAX / EdgeMAX); unexpected high-volume responses may indicate abuse of the Discovery Protocol for amplification attacks.
  • Detect use of the Ubiquiti Discovery Protocol as an amplification vector; unsolicited discovery responses leaking platform names and IP addresses indicate active exploitation.
  • Vulnerable firmware versions: airMAX below 8.3.2, airMAX below 6.0.7, and EdgeMAX below 1.9.7 are affected; devices running these versions with UDP 10001/7004 exposed are exploitable.
  • Exposure of UDP ports 10001 and 7004 to the internet on Ubiquiti devices enables both amplification DDoS and unauthorized disclosure of sensitive device metadata (platform names, IP addresses).

CVSS provenance

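| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vulncheck | | 7.5 | HIGH | |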