VAR-201809-0006
Vulnerability from variot - Updated: 2023-12-18 12:18The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airfiber af24hd",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"model": "airmax m xm",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"model": "airmax m xw",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"model": "af5x",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "3.0.2.1"
},
{
"model": "af5",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"model": "airos 4 xs5",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"model": "airmax m ti",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"model": "airmax ac",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": "7.1.3"
},
{
"model": "edgeswitch xp",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "1.3.2"
},
{
"model": "airfiber af24",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"model": "airos 4 xs2",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"model": "airgateway",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "1.15"
},
{
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24 2.2.1"
},
{
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24hd 2.2.1"
},
{
"model": "airgateway",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "1.1.5"
},
{
"model": "airmax ac",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "7.1.3"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.10u2 xw"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 ti"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 xm"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 ti"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xm"
},
{
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xw"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airmax_ac_firmware:7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airmax_m_xm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_m_xm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airmax_m_xw_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_m_xw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airmax_m_ti_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_m_ti:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airgateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airgateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airfiber_af24_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airfiber_af24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:airfiber_af24hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airfiber_af24hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:af5x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:af5x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ui:af5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:af5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ubnt:airos_4_xs5:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:ubnt:airos_4_xs2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ubnt:edgeswitch_xp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ui:edgeswitch_xp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"cve": "CVE-2015-9266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-9266",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-87227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-9266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9266",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2015-9266",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-87227",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39701",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9266",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "39853",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39701",
"trust": 1.8
},
{
"db": "HACKERONE",
"id": "73480",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87227",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"id": "VAR-201809-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:33.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Virus attack - URGENT @UBNT",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940"
},
{
"title": "Important Security Notice and airOS 5.6.5 Release",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949"
},
{
"title": "Security Release for airMAX and airGateway Released",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494"
},
{
"title": "Multiple Ubiquiti Product path traversal vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84546"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39701/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/39853/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940"
},
{
"trust": 1.8,
"url": "https://hackerone.com/reports/73480"
},
{
"trust": 1.8,
"url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9266"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9266"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-87227"
},
{
"date": "2018-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"date": "2018-09-05T20:29:00.253000",
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87227"
},
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"date": "2021-08-12T16:43:11.130000",
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Ubiquiti Product Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…