Ui Airos vulnerabilities
5 known vulnerabilities affecting ui/airos.
Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2010-5330P1CRITICALCVSS 9.8KEVfixed in 4.0.1≥ 4.0.2, < 5.3.5+1 more2019-06-11
CVE-2010-5330 [CRITICAL] CWE-77 CVE-2010-5330: On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affe
nvd
CVE-2017-0938P2HIGHCVSS 7.5Exploitedfixed in 6.0.7≥ 6.0.7, < 8.3.22019-02-12
CVE-2017-0938 [HIGH] CWE-400 CVE-2017-0938: Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to u
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
nvd
CVE-2020-8171P2CRITICALCVSS 9.8≤ 6.2.02020-05-26
CVE-2020-8171 [CRITICAL] CWE-77 CVE-2020-8171: We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input stri
nvd
CVE-2020-8168P3HIGHCVSS 8.8≤ 6.2.02020-05-26
CVE-2020-8168 [HIGH] CWE-352 CVE-2020-8168: We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be pe
nvd
CVE-2020-8170P4MEDIUMCVSS 6.1≤ 6.2.02020-05-26
CVE-2020-8170 [MEDIUM] CWE-79 CVE-2020-8170: We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session inf
nvd