5 matches found
CVE-2010-5330
CVE-2010-5330 covers a command injection in Ubiquiti devices via GET to stainfo.cgi. The issue arises because the ifname parameter is not sanitized, enabling shell metacharacters to be injected. Affected families include Ubiquiti AirOS (before 4.0.1), AirMax ISP products (before 5.3.5), and AirSy...
CVE-2020-8168
AirMax AirOS v6.3.0 fixes a CSRF vulnerability in v6.2.0 and earlier on TI, XW and XM boards. The issue allowed CSRF-protected endpoints to be abused by authenticated users via malicious pages to perform actions such as downgrading firmware, modifying configuration, uploading firmware, and exfilt...
CVE-2020-8170
The CVE-2020-8170 entry relates to Ubiquiti AirMax AirOS firmware (TI, XW, XM boards) with v6.2.0 and earlier, where multiple endpoints vulnerable to reflected XSS could allow an attacker to abuse a user’s session info and potentially take over the admin account. The vulnerability is tied to endp...
CVE-2020-8171
CVE-2020-8171 affects Ubiquiti AirMax AirOS firmware for TI, XW and XM boards (versions 6.2.0 and earlier). The issue is a command-injection vulnerability in certain endpoints where an input string can bypass filters and still execute commands, enabling remote code execution. The vulnerability is...
CVE-2017-0938
CVE-2017-0938 describes a Denial of Service vulnerability in UBNT airMAX and EdgeMAX devices via amplification of the Discovery Protocol. Affected products/versions include airMAX prior to 8.3.2 and prior to 6.0.7, and EdgeMAX prior to 1.9.7. The issue is triggered by abusing the Discovery Protoc...