CVE-2015-9266

Published: 05/09/2018 Updated: 12/08/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated malicious user to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

Vulnerable Product

ui airmax_ac_firmware 7.1.3

ui airmax_m_xm_firmware

ui airmax_m_xw_firmware

ui airmax_m_ti_firmware

ui airgateway_firmware

ui airfiber_af24_firmware

ui airfiber_af24hd_firmware

ui af5x_firmware

ui af5_firmware

ubnt airos_4_xs5

ubnt airos_4_xs2

ubnt edgeswitch_xp_firmware

Exploits

EDB-Note Source: hackerone.com/reports/73480

Vulnerability

It's possible to overwrite any file (and create new ones) on AirMax systems, because the "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's possible for an unauthenticated user to exploit this vulnerability.

Example

Consider the following re ...