var-201809-0006
Vulnerability from variot
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "af5",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airos 4 xs5",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"_id": null,
"model": "airmax m xm",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airmax m xw",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airfiber af24",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airos 4 xs2",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "4.0.4"
},
{
"_id": null,
"model": "edgeswitch xp",
"scope": "lt",
"trust": 1.0,
"vendor": "ubnt",
"version": "1.3.2"
},
{
"_id": null,
"model": "airgateway",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "1.15"
},
{
"_id": null,
"model": "af5x",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "3.0.2.1"
},
{
"_id": null,
"model": "airfiber af24hd",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "2.2.1"
},
{
"_id": null,
"model": "airmax ac",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": "7.1.3"
},
{
"_id": null,
"model": "airmax m ti",
"scope": "lt",
"trust": 1.0,
"vendor": "ui",
"version": "5.6.2"
},
{
"_id": null,
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24 2.2.1"
},
{
"_id": null,
"model": "airfiber",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "af24hd 2.2.1"
},
{
"_id": null,
"model": "airgateway",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "1.1.5"
},
{
"_id": null,
"model": "airmax ac",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "7.1.3"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.10u2 xw"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 ti"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.5.11 xm"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 ti"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xm"
},
{
"_id": null,
"model": "airmax m",
"scope": "lt",
"trust": 0.8,
"vendor": "ubiquiti",
"version": "5.6.2 xw"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airfiber_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airgateway_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ubiquiti_networks:airmax_m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
}
]
},
"cve": "CVE-2015-9266",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-9266",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-87227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-9266",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9266",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2015-9266",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-9266",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-87227",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"description": {
"_id": null,
"data": "The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39701",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-9266"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-9266",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "39853",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39701",
"trust": 1.8
},
{
"db": "HACKERONE",
"id": "73480",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87227",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9266",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"id": "VAR-201809-0006",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:41:41.788000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Virus attack - URGENT @UBNT",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940"
},
{
"title": "Important Security Notice and airOS 5.6.5 Release",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949"
},
{
"title": "Security Release for airMAX and airGateway Released",
"trust": 0.8,
"url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494"
},
{
"title": "Multiple Ubiquiti Product path traversal vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84546"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/39701/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/39853/"
},
{
"trust": 1.8,
"url": "https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940"
},
{
"trust": 1.8,
"url": "https://hackerone.com/reports/73480"
},
{
"trust": 1.8,
"url": "https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9266"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9266"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87227"
},
{
"db": "VULMON",
"id": "CVE-2015-9266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
},
{
"db": "NVD",
"id": "CVE-2015-9266"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"date": "2018-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"date": "2018-09-05T20:29:00.253000",
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87227",
"ident": null
},
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9266",
"ident": null
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008231",
"ident": null
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-213",
"ident": null
},
{
"date": "2024-11-21T02:40:12.417000",
"db": "NVD",
"id": "CVE-2015-9266",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Ubiquiti Product Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008231"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-213"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.