The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUbnt Airos 4 Xs2
OSUbnt< 4.0.4Ubnt Airos 4 Xs5
OSUbnt< 4.0.4Ubnt Edgeswitch Xp Firmware
OSUbnt< 1.3.2Ui Af5
HWUiwszystkie wersjeUi Af5 Firmware
OSUi< 2.2.1Ui Af5x
HWUiwszystkie wersjeUi Af5x Firmware
OSUi< 3.0.2.1Ui Airfiber Af24
HWUiwszystkie wersjeUi Airfiber Af24 Firmware
OSUi< 2.2.1Ui Airfiber Af24hd
HWUiwszystkie wersjeUi Airfiber Af24hd Firmware
OSUi< 2.2.1Ui Airgateway
HWUiwszystkie wersjeUi Airgateway Firmware
OSUi< 1.15Ui Airmax Ac
HWUiwszystkie wersjeUi Airmax Ac Firmware
OSUi7.1.3Ui Airmax M
HWUiwszystkie wersjeUi Airmax M Ti
HWUiwszystkie wersjeUi Airmax M Ti Firmware
OSUi< 5.6.2Ui Airmax M Xm
HWUiwszystkie wersjeUi Airmax M Xm Firmware
OSUi< 5.6.2Ui Airmax M Xw
HWUiwszystkie wersjeUi Airmax M Xw Firmware
OSUi< 5.6.2Ui Edgeswitch Xp
HWUiwszystkie wersje
Powiązane podatności
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Dis...
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless...
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG...
Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe
Path Traversal w UniFi OS — dostęp do plików systemowych i przejęcie konta