AirMax XW.v6.2.0 (and prior) contains multiple endpoints with parameters vulnerable to reflected cross-site scripting (XSS), allowing attackers to abuse the user's session information and/or take over the admin user's account.
These vulnerabilities were found on AirMax AirOS v6.2.0 and prior versions for TI, XW and XM boards.
The fix for these vulnerabilities was included in the new version of the AirMax AirOS firmware, v6.3.0, for TI, XW and XM boards.
For more details please visit:
https://community.ui.com/releases/airMAX-M-v6-3-0/c8d5dec9-4030-4d7e-b23f-6a5b35ed3d83