CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-9266

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile26.70th
Published2018年9月5日
Last Modified2024年11月21日

Vulnerability Description

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

Affected Platforms (CPE)

💻
Ui

Airmax Ac Firmware

= 7.1.3
💻
Ui

Airmax M Xm Firmware

< 5.6.2
💻
Ui

Airmax M Xw Firmware

< 5.6.2
💻
Ui

Airmax M Ti Firmware

< 5.6.2
💻
Ui

Airgateway Firmware

< 1.15
💻
Ui

Airfiber Af24 Firmware

< 2.2.1
💻
Ui

Airfiber Af24hd Firmware

< 2.2.1
💻
Ui

Af5x Firmware

< 3.0.2.1
💻
Ui

Af5 Firmware

< 2.2.1
💻
Ubnt

Airos 4 Xs2

< 4.0.4
💻
Ubnt

Airos 4 Xs5

< 4.0.4
💻
Ubnt

Edgeswitch Xp Firmware

< 1.3.2

References & Advisories

🔗 https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
🔗 https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949
🔗 https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494
🔗 https://hackerone.com/reports/73480
🔗 https://www.exploit-db.com/exploits/39701/
🔗 https://www.exploit-db.com/exploits/39853/
🔗 https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload
🔗 https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940

相关漏洞威胁

CVE-2020-81719.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2010-53309.8

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname varia...

CVE-2020-81688.8

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...

CVE-2020-81706.1

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on...