On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUi Airos
OSUi< 4.0.14.0.2 – 5.3.5 (bez)5.3.6 – 5.4.5 (bez)
CISA KEV — detailsi
- Vendori
- Ubiquiti
- Producti
- AirOS
- Added to KEVi
- April 15, 2022
- Remediation deadline (US Federal)i
- May 6, 2022(overdue)
Apply updates per vendor instructions.
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Related vulnerabilities
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vuln...
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vuln...
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Dis...
We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vuln...
Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe