critical
10
CWE
22
Advisory Published
CVE Published
Updated

CVE-2015-9266: Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload

First published: Wed Sep 05 2018(Updated: )

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Ui Airmax Ac Firmware=7.1.3
Ui Airmax Ac
Ui Airmax M Xm Firmware<5.6.2
Ui Airmax M Xm
Ui Airmax M Xw Firmware<5.6.2
Ui Airmax M Xw
Ui Airmax M Ti Firmware<5.6.2
Ui Airmax M Ti
Ui Airgateway Firmware<1.15
Ui Airgateway
Ui Airfiber Af24 Firmware<2.2.1
Ui Airfiber Af24
Ui Airfiber Af24hd Firmware<2.2.1
Ui Airfiber Af24hd
Ui Af5x Firmware<3.0.2.1
Ui Af5x
Ui Af5 Firmware<2.2.1
Ui Af5
Ubnt Airos 4 Xs2<4.0.4
Ubnt Airos 4 Xs5<4.0.4
Ui Airmax M
Ubnt Edgeswitch Xp Firmware<1.3.2
Ui Edgeswitch Xp

Remedy

https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2015-9266.

  • What is the severity level of CVE-2015-9266?

    The severity level of CVE-2015-9266 is critical.

  • Which software versions are affected by CVE-2015-9266?

    The software versions affected by CVE-2015-9266 are Ui Airmax Ac Firmware 7.1.3 and Ui Airmax M Xm Firmware up to version 5.6.2.

  • How can an attacker exploit CVE-2015-9266?

    An attacker can exploit CVE-2015-9266 by using directory traversal techniques to upload and write arbitrary files, gaining root privileges.

  • Are there any references for more information on CVE-2015-9266?

    Yes, you can find more information on CVE-2015-9266 at the following links: [1](https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940) [2](https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949) [3](https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203