Ubiquiti Networks AirOS Remote Command Execution Vulnerability Network Vulnerability

Summary

AirOS is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user- supplied input. Successful attacks can compromise the affected application and possibly the underlying device.

Solution

Updates are available. Please see the references for more details.

References

http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0412.html
http://ubnt.com/forum/showthread.php?p=236875
http://www.securityfocus.com/bid/51178
http://www.ubnt.com/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AudiStat multiple vulnerabilities
AstroSPACES profile.php SQL Injection Vulnerability
AVTECH DVR Multiple Vulnerabilities
4Images <= 1.7.1 Directory Traversal Vulnerability
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

Take action and discover your vulnerabilities