Executive Summary

Information
Name : CVE-2010-5330
First vendor Publication : 2019-06-11
Vendor : Cve
Last vendor Modification : 2019-06-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5330

CWE : Common Weakness Enumeration

%      id      Name
100 %  CWE-77  Improper Sanitization of Special Elements used in a Command ('Command Injection')

Sources (Detail)

Source  Url
MISC    https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploi...
        https://www.exploit-db.com/exploits/14146

Alert History

Date / Information
2019-06-14 17:18:55
  • Multiple Updates
2019-06-12 05:19:12
  • First insertion