Lucene search
+L
UiAiros

5 matches found

CVE
CVE
added 2019/06/11 8:46 p.m.1070 views

CVE-2010-5330

CVE-2010-5330 covers a command injection in Ubiquiti devices via GET to stainfo.cgi. The issue arises because the ifname parameter is not sanitized, enabling shell metacharacters to be injected. Affected families include Ubiquiti AirOS (before 4.0.1), AirMax ISP products (before 5.3.5), and AirSy...

9.8CVSS9.3AI score0.34641EPSS
In wild
CVE
CVE
added 2020/05/26 3:43 p.m.122 views

CVE-2020-8168

AirMax AirOS v6.3.0 fixes a CSRF vulnerability in v6.2.0 and earlier on TI, XW and XM boards. The issue allowed CSRF-protected endpoints to be abused by authenticated users via malicious pages to perform actions such as downgrading firmware, modifying configuration, uploading firmware, and exfilt...

8.8CVSS8.8AI score0.00693EPSS
CVE
CVE
added 2020/05/26 3:37 p.m.107 views

CVE-2020-8170

The CVE-2020-8170 entry relates to Ubiquiti AirMax AirOS firmware (TI, XW, XM boards) with v6.2.0 and earlier, where multiple endpoints vulnerable to reflected XSS could allow an attacker to abuse a user’s session info and potentially take over the admin account. The vulnerability is tied to endp...

6.1CVSS6.5AI score0.0102EPSS
CVE
CVE
added 2020/05/26 3:40 p.m.107 views

CVE-2020-8171

CVE-2020-8171 affects Ubiquiti AirMax AirOS firmware for TI, XW and XM boards (versions 6.2.0 and earlier). The issue is a command-injection vulnerability in certain endpoints where an input string can bypass filters and still execute commands, enabling remote code execution. The vulnerability is...

9.8CVSS10AI score0.03881EPSS
CVE
CVE
added 2019/02/12 10:0 p.m.65 views

CVE-2017-0938

CVE-2017-0938 describes a Denial of Service vulnerability in UBNT airMAX and EdgeMAX devices via amplification of the Discovery Protocol. Affected products/versions include airMAX prior to 8.3.2 and prior to 6.0.7, and EdgeMAX prior to 1.9.7. The issue is triggered by abusing the Discovery Protoc...

7.5CVSS7.4AI score0.20974EPSS