CyberSec.Space Logo
CVEブラウザに戻る

CVE-2010-5330

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score45.5120%
EPSS Percentile90.59th
Published2019年6月11日
Last Modified2025年11月5日

Vulnerability Description

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

Affected Platforms (CPE)

💻
Ui

Airos

< 4.0.1
💻
Ui

Airos

>= 4.0.2 and < 5.3.5
💻
Ui

Airos

>= 5.3.6 and < 5.4.5

References & Advisories

🔗 https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974
🔗 https://www.exploit-db.com/exploits/14146
🔗 https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974
🔗 https://www.exploit-db.com/exploits/14146
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-5330

関連する脆弱性情報

CVE-2020-81719.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2015-92669.8

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthent...

CVE-2020-81688.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2020-81706.1

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...