All the vulnerabilites related to ui - airmax_ac
Vulnerability from fkie_nvd
Published
2022-12-23 15:15
Modified
2024-11-21 07:28
Summary
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_gigabeam_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0510CBD3-ECAB-4EAE-B813-A365EE2427CF",
              "versionEndExcluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_gigabeam:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27162356-52BC-4F91-B621-090FD2146BAD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_60-xg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9186FA-50AA-441F-9046-B3BD3414119F",
              "versionEndExcluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_60-xg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D617F313-DFC0-4B0B-837B-52A2F99B7D35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_60-hd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD966B48-6F6E-4BED-B85B-700B8EA5037E",
              "versionEndExcluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_60-hd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF242E77-8776-431E-8140-CCBD0113F9EB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_60-lr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9E8D61-70F7-44E3-ACB7-2F114B221669",
              "versionEndExcluding": "2.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_60-lr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A02180-9B12-4DF6-89FB-B6223CEDDFA7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFEA6FA8-7BEE-4DF2-9F7E-B761F6FB0F0F",
              "versionEndExcluding": "8.7.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E17A9B8-9B06-4F94-A72D-5D1090092519",
              "versionEndExcluding": "2.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1DC32EA-21B5-444A-8EC1-7B4AB564CB94",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access validation vulnerability exists in airMAX AC \u003c8.7.11, airFiber 60/LR \u003c2.6.2, airFiber 60 XG/HD \u003cv1.0.0 and airFiber GBE \u003c1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de validaci\u00f3n de acceso incorrecto en airMAX AC \u0026lt;8.7.11, airFiber 60/LR \u0026lt;2.6.2, airFiber 60 XG/HD"
    }
  ],
  "id": "CVE-2022-44565",
  "lastModified": "2024-11-21T07:28:08.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-23T15:15:15.847",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-12 22:29
Modified
2024-11-21 03:03
Summary
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
Impacted products
Vendor Product Version
ui airos *
ui airmax_ac -
ui airos *
ui airmax_ac -
ui edgemax_firmware *
ui edgemax -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AFC9BEF-9863-4546-881A-6C0115AAE1C1",
              "versionEndExcluding": "6.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BFAADA-5DA5-4DE3-ADDA-BE9B68F221F5",
              "versionEndExcluding": "8.3.2",
              "versionStartIncluding": "6.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:edgemax_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1F2636-CE55-4CE8-862A-872B1C2FD028",
              "versionEndExcluding": "1.9.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:edgemax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FF6603-3476-46EB-BC4B-0A00D7DCE6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Denial of Service attack in airMAX \u003c 8.3.2 , airMAX \u003c 6.0.7 and EdgeMAX \u003c 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
    },
    {
      "lang": "es",
      "value": "Ataque de denegaci\u00f3n de servicio (DoS) en airMAX, en versiones anteriores a la 8.3.2 y la 6.0.7; y EdgeMAX, en versiones anteriores a la 1.9.7, permite que los atacantes empleen el protocolo de descubrimiento en ataques de amplificaci\u00f3n."
    }
  ],
  "id": "CVE-2017-0938",
  "lastModified": "2024-11-21T03:03:56.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-12T22:29:00.267",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/221625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/221625"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-05 20:29
Modified
2024-11-21 02:40
Summary
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
References
cve@mitre.orghttps://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940Vendor Advisory
cve@mitre.orghttps://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949Vendor Advisory
cve@mitre.orghttps://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494Patch, Vendor Advisory
cve@mitre.orghttps://hackerone.com/reports/73480Issue Tracking, Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/39701/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.exploit-db.com/exploits/39853/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_uploadExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/73480Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/39701/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/39853/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_uploadExploit, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airmax_ac_firmware:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBD592A6-2D4B-425F-A5AA-B436E03E8035",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airmax_m_xm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F600BFE-CD6A-4DEC-BAAE-714AB5D9D223",
              "versionEndExcluding": "5.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_m_xm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8995AF37-CA09-4D28-BF62-611298A93B13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airmax_m_xw_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9BB4C6-7C36-4FE4-985C-BEC9156C94C6",
              "versionEndExcluding": "5.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_m_xw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E206B53F-F365-478D-A51B-1F13CD764C07",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airmax_m_ti_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E09E94-D8C5-482C-BD19-BFC9C8D42B87",
              "versionEndExcluding": "5.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_m_ti:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6AA64D2-B725-4D88-82AD-7B6335BF6248",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airgateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC74D39-7E7F-4565-A856-FF030D28DAA9",
              "versionEndExcluding": "1.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airgateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E9D8F9-0EB5-4F28-8857-3B9E009EE840",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_af24_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E42DB2E-C8AC-4A46-B9B6-1DA88F6F6FEC",
              "versionEndExcluding": "2.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_af24:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E93CA24-5985-4877-9907-8B9EF9892749",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:airfiber_af24hd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1691A9-F816-4A1C-9335-A248703B600A",
              "versionEndExcluding": "2.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airfiber_af24hd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05949407-799A-4A77-ABFF-F7C3A0218A0C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:af5x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "081B3972-42DF-487E-87B9-0CA45EF85354",
              "versionEndExcluding": "3.0.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:af5x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0F6008-0FD3-4B86-91F2-2CF6D046AB78",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:af5_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E8E30C-9772-43E1-8481-F5F610D42CB2",
              "versionEndExcluding": "2.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:af5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE2B42D-9CAF-4BE4-B5ED-911D575BC22A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ubnt:airos_4_xs2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "285BAC2B-385C-4D7C-96EA-EE0E6109C0B6",
              "versionEndExcluding": "4.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubnt:airos_4_xs5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC912267-3FCE-41F9-A9FE-1F54E384F6D7",
              "versionEndExcluding": "4.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22401E7D-9BB7-4015-A28B-1C134C429E56",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ubnt:edgeswitch_xp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72285AF8-6D2A-49DE-A267-F483826D6F59",
              "versionEndExcluding": "1.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:edgeswitch_xp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1777B2FA-9B9A-489F-8F46-213B3ACB9D05",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2."
    },
    {
      "lang": "es",
      "value": "La interfaz web de gesti\u00f3n de Ubiquiti airMAX, airFiber, airGateway y EdgeSwitch XP (anteriormente TOUGHSwitch) permite que un atacante no autenticado suba y escriba archivos arbitrarios mediante t\u00e9cnicas de salto de directorio. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener privilegios root. La vulnerabilidad se soluciona en las siguientes versiones del producto (soluciones lanzadas en julio de 2015, todas las versiones anteriores se han visto afectadas): airMAX AC 7.1.3; airMAX M (y airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI y 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1 y AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; y EdgeSwitch XP (anteriormente TOUGHSwitch) 1.3.2."
    }
  ],
  "id": "CVE-2015-9266",
  "lastModified": "2024-11-21T02:40:12.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-05T20:29:00.253",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/73480"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39701/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39853/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/73480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39701/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39853/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2015-9266
Vulnerability from cvelistv5
Published
2018-09-05 21:00
Modified
2024-08-06 08:43
Severity ?
Summary
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:43:42.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
          },
          {
            "name": "39701",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39701/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/73480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
          },
          {
            "name": "39853",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39853/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was reported by 93c08539."
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-05T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
        },
        {
          "name": "39701",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39701/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/73480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
        },
        {
          "name": "39853",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39853/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9266",
          "STATE": "PUBLIC",
          "TITLE": "Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was reported by 93c08539."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload",
              "refsource": "MISC",
              "url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
            },
            {
              "name": "39701",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39701/"
            },
            {
              "name": "https://hackerone.com/reports/73480",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/73480"
            },
            {
              "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949",
              "refsource": "CONFIRM",
              "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
            },
            {
              "name": "39853",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39853/"
            },
            {
              "name": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940",
              "refsource": "MISC",
              "url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
            },
            {
              "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494",
              "refsource": "CONFIRM",
              "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9266",
    "datePublished": "2018-09-05T21:00:00",
    "dateReserved": "2018-09-04T00:00:00",
    "dateUpdated": "2024-08-06T08:43:42.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-0938
Vulnerability from cvelistv5
Published
2019-02-12 22:00
Modified
2024-09-16 18:49
Severity ?
Summary
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/221625"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "airMAX, EdgeMAX",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "airMAX \u003c 8.3.2, airMAX \u003c 6.0.7, EdgeRouter \u003c v1.9.7"
            }
          ]
        }
      ],
      "datePublic": "2019-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Denial of Service attack in airMAX \u003c 8.3.2 , airMAX \u003c 6.0.7 and EdgeMAX \u003c 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-12T21:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/221625"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2019-02-06T00:00:00",
          "ID": "CVE-2017-0938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "airMAX, EdgeMAX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "airMAX \u003c 8.3.2, airMAX \u003c 6.0.7, EdgeRouter \u003c v1.9.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Denial of Service attack in airMAX \u003c 8.3.2 , airMAX \u003c 6.0.7 and EdgeMAX \u003c 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522",
              "refsource": "MISC",
              "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522"
            },
            {
              "name": "https://hackerone.com/reports/221625",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/221625"
            },
            {
              "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215",
              "refsource": "MISC",
              "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2017-0938",
    "datePublished": "2019-02-12T22:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T18:49:35.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-44565
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 13:54
Severity ?
Summary
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:54:03.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UISP Wireless",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed Versions airMAX AC  to Version 8.7.11 or later, airFiber 60/LR  to Version 2.6.2 or later,  airFiber 60 XG/HD  to Version 1.0.0 or later, GBE to Version 1.4.1 or later."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access validation vulnerability exists in airMAX AC \u003c8.7.11, airFiber 60/LR \u003c2.6.2, airFiber 60 XG/HD \u003cv1.0.0 and airFiber GBE \u003c1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control - Generic (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-23T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-027-027/123e4577-9f00-4777-abe1-64a1d56fee05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2022-44565",
    "datePublished": "2022-12-23T00:00:00",
    "dateReserved": "2022-11-01T00:00:00",
    "dateUpdated": "2024-08-03T13:54:03.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}