← back
CVE-2010-5330

CVE-2010-5330

CVSS 9.8 CRITICALEPSS 34.4%● KEVCWE-77
In short

A Ubiquiti device accepts unsanitized user input in a web request, allowing an attacker to run arbitrary system commands on the device. This happens because the device does not properly filter shell commands in a parameter called 'ifname'.

Technical detail

Command Injection vulnerability in stainfo.cgi via unsanitized 'ifname' GET parameter allows unauthenticated remote code execution on affected Ubiquiti devices (Nanostation5, AirMax ISP, AirSync, 802.11 ISP products). The attack vector is a specially crafted HTTP GET request containing shell metacharacters that are executed with device privileges.

Summary generated and translated by AI from the official description.
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/14146unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.ubnt.com/t5/airMAX-General-Discussion/AirOS-Security-Exploit-Updated-Firmware/td-p/212974https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-5330https://www.exploit-db.com/exploits/14146