Ubiquiti Inc.: Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7

AirMax XW.v6.2.0 and prior containing multiple end-points with parameters vulnerable to reflected cross site scripting XSS, allowing attackers to abuse the user' session information and/or account takeover of the admin user. These vulnerabilities were found on AirMax AirMax AirOS v6.2.0 and prior...

Ubiquiti Inc.: XSS on Nanostation Loco M2 Airmax

The researcher demonstrated that an unauthenticated POST request with crafted parameters could cause reflected-XSS due to lack of input sanitization on airOS v5.6.8. Fixes have been released with airOS v5.6.15 and airOS v6.0.1...

Ubiquiti Inc.: Reflected Xss in AirMax [Nanostation Loco M2]

Dear James, I've found a reflected xss in nanostation Loco M2. just open this link and xss will execute. http://172.98.67.89:22057/survey.cgi?iface=%22%3E%3Cimg%20src=x%20onerror=promptdocument.cookie%3E F103333 Best Regard Shubham...

AirOS NanoStation M2 5.6-beta File Download / Command Execution

AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo Rebolini - Valid credentials are required !. Most of...

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pablo Rebolini - Valid credentials are required !. Most of...

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities

AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities AirOS NanoStation M2 v5.6-beta Arbitrary File Download & Remote Command Execution Tested on: XM.v5.6-beta5.24359.141008.1753 - Build: 2435 Linux Awesome 2.6.32.63 1 Wed Oct 8 17:54:30 EEST 2014 mips unknown Date: May 30, 2016 Informer: Pabl...

AirOs (NanoStation,AirGrid) M5 Multiple Vulnerabilities

Exploit for hardware platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1...

Ubiquiti NanoStation Web管理界面远程Shell命令注入漏洞

BUGTRAQ ID: 41272 NanoStation是系列无线网桥设备。 运行AirOS操作系统的NanoStation设备没有正确地过滤用户提交给Web管理界面中stainfo.cgi脚本的ifname参数便用作了命令行参数，远程攻击者可以通过提交恶意请求导致注入并执行任意shell命令。 Ubiquiti Networks Nanostation 5 厂商补丁： Ubiquiti Networks ----------------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...