VYPR

AirOS

by Ubiquiti Inc

CVEs (5)

  • CVE-2015-9266CriSep 5, 2018
    risk 0.73cvss 9.8epss 0.74

    The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root…

  • CVE-2010-5330KEVJun 11, 2019
    risk 0.15cvss epss 0.34

    On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products,…

  • CVE-2020-8168May 26, 2020
    risk 0.00cvss epss 0.01

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against…

  • CVE-2020-8170May 26, 2020
    risk 0.00cvss epss 0.01

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected…

  • CVE-2017-0938Feb 12, 2019
    risk 0.00cvss epss 0.21

    Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.