Unrated severityCISA KEVNVD Advisory· Published Jun 11, 2019· Updated Oct 21, 2025

CVE-2010-5330

Description

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

Affected products

Ubiquiti/802.11 ISP productsdescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974mitrex_refsource_MISC
www.exploit-db.com/exploits/14146mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.034
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000