Search criteria
1 vulnerability found for af5 by ui
VAR-201809-0006
Vulnerability from variot - Updated: 2024-11-23 22:41The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "af5",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airos 4 xs5",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"_id": null,
"model": "airmax m xm",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airmax m xw",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airfiber af24",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airos 4 xs2",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"_id": null,
"model": "edgeswitch xp",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "1.3.2"
},
{
"_id": null,
"model": "airgateway",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "1.15"
},
{
"_id": null,
"model": "af5x",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "3.0.2.1"
},
{
"_id": null,
"model": "airfiber af24hd",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airmax ac",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": "7.1.3"
},
{
"_id": null,
"model": "airmax m ti",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24 2.2.1"
},
{
"_id": null,
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24hd 2.2.1"
},
{
"_id": null,
"model": "airgateway",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "1.1.5"
},
{
"_id": null,
"model": "airmax ac",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "7.1.3"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.10u2 xw"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 ti"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 xm"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 ti"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xm"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xw"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airfiber_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airgateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
}
]
},
"cve": "CVE-2015-9266",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-9266",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-87227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-9266",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9266",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2015-9266",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-9266",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-87227",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"description": {
"_id": null,
"data": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39701",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-9266",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "39853",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39701",
"trust": 1.8
},
{
"db": "HACKERONE",
"id": "73480",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87227",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"id": "VAR-201809-0006",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:41.788000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Virus attack - URGENT @UBNT",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
},
{
"title": "Important Security Notice and airOS 5.6.5 Release",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
},
{
"title": "Security Release for airMAX and airGateway Released",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
},
{
"title": "Multiple Ubiquiti Product path traversal vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84546"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39701/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/39853/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940"
},
{
"trust": 1.8,
"url": "https://hackerone.com/reports/73480"
},
{
"trust": 1.8,
"url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9266"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9266"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"date": "2018-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"date": "2018-09-05T20:29:00.253000",
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"date": "2024-11-21T02:40:12.417000",
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Ubiquiti Product Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
}
}