Search

Find a vulnerability

Search criteria

    1 vulnerability found for af5 by ui

    VAR-201809-0006

    Vulnerability from variot - Updated: 2024-11-23 22:41

    The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "af5",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "airos 4 xs5",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ubnt",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "airmax m xm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "5.6.2"
          },
          {
            "_id": null,
            "model": "airmax m xw",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "5.6.2"
          },
          {
            "_id": null,
            "model": "airfiber af24",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "airos 4 xs2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ubnt",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "edgeswitch xp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ubnt",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "airgateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "af5x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "3.0.2.1"
          },
          {
            "_id": null,
            "model": "airfiber af24hd",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "airmax ac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ui",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "airmax m ti",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ui",
            "version": "5.6.2"
          },
          {
            "_id": null,
            "model": "airfiber",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "af24 2.2.1"
          },
          {
            "_id": null,
            "model": "airfiber",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "af24hd 2.2.1"
          },
          {
            "_id": null,
            "model": "airgateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "1.1.5"
          },
          {
            "_id": null,
            "model": "airmax ac",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.5.10u2 xw"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.5.11 ti"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.5.11 xm"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.6.2 ti"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.6.2 xm"
          },
          {
            "_id": null,
            "model": "airmax m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": "5.6.2 xw"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ubiquiti_networks:airfiber_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ubiquiti_networks:airgateway_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_m_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          }
        ]
      },
      "cve": "CVE-2015-9266",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-9266",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-87227",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-9266",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-9266",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2015-9266",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-9266",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-213",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-87227",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-9266",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39701",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-9266",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "39853",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "39701",
            "trust": 1.8
          },
          {
            "db": "HACKERONE",
            "id": "73480",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-87227",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "id": "VAR-201809-0006",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:41:41.788000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Virus attack - URGENT @UBNT",
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
          },
          {
            "title": "Important Security Notice and airOS 5.6.5 Release",
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
          },
          {
            "title": "Security Release for airMAX and airGateway Released",
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
          },
          {
            "title": "Multiple Ubiquiti Product path traversal vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84546"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/39701/"
          },
          {
            "trust": 1.8,
            "url": "https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949"
          },
          {
            "trust": 1.8,
            "url": "https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/39853/"
          },
          {
            "trust": 1.8,
            "url": "https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940"
          },
          {
            "trust": 1.8,
            "url": "https://hackerone.com/reports/73480"
          },
          {
            "trust": 1.8,
            "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9266"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9266"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-87227"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-87227",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-9266",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-9266",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87227",
            "ident": null
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-9266",
            "ident": null
          },
          {
            "date": "2019-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008231",
            "ident": null
          },
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-213",
            "ident": null
          },
          {
            "date": "2018-09-05T20:29:00.253000",
            "db": "NVD",
            "id": "CVE-2015-9266",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-87227",
            "ident": null
          },
          {
            "date": "2021-08-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-9266",
            "ident": null
          },
          {
            "date": "2019-03-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-008231",
            "ident": null
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-213",
            "ident": null
          },
          {
            "date": "2024-11-21T02:40:12.417000",
            "db": "NVD",
            "id": "CVE-2015-9266",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "plural  Ubiquiti Product Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-008231"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-213"
          }
        ],
        "trust": 0.6
      }
    }